mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
network: only reload firewall after firewalld is finished restarting
The network driver used to reload the firewall rules whenever a dbus NameOwnerChanged message for org.fedoraproject.FirewallD1 was received. Presumably at some point in the past this was successful at reloading our rules after a firewalld restart. Recently though I noticed that once firewalld was restarted, libvirt's logs would get this message: The name org.fedoraproject.FirewallD1 was not provided by any .service files After this point, no networks could be started until libvirtd itself was restarted. The problem is that the NameOwnerChanged message is sent twice during a firewalld restart - once when the old firewalld is stopped, and again when the new firewalld is started. If we try to reload at the point the old firewalld is stopped, none of the firewalld dbus calls will succeed. The solution is to check the new_owner field of the message - we should reload our firewall rules only if new_owner is non-empty (it is set to "" when firewalld is stopped, and some sort of epoch number when it is again started). Signed-off-by: Laine Stump <laine@laine.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
687f556750
commit
fc79e73836
@ -543,12 +543,32 @@ firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED,
|
||||
void *user_data)
|
||||
{
|
||||
virNetworkDriverStatePtr driver = user_data;
|
||||
bool reload = false;
|
||||
|
||||
if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
|
||||
"NameOwnerChanged") ||
|
||||
dbus_message_is_signal(message, "org.fedoraproject.FirewallD1",
|
||||
"Reloaded"))
|
||||
{
|
||||
if (dbus_message_is_signal(message,
|
||||
"org.fedoraproject.FirewallD1", "Reloaded")) {
|
||||
reload = true;
|
||||
|
||||
} else if (dbus_message_is_signal(message,
|
||||
DBUS_INTERFACE_DBUS, "NameOwnerChanged")) {
|
||||
|
||||
VIR_AUTOFREE(char *) name = NULL;
|
||||
VIR_AUTOFREE(char *) old_owner = NULL;
|
||||
VIR_AUTOFREE(char *) new_owner = NULL;
|
||||
|
||||
if (virDBusMessageDecode(message, "sss", &name, &old_owner, &new_owner) < 0) {
|
||||
VIR_WARN("Failed to decode DBus NameOwnerChanged message");
|
||||
return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
|
||||
}
|
||||
/*
|
||||
* if new_owner is empty, firewalld is shutting down. If it is
|
||||
* non-empty, then it is starting
|
||||
*/
|
||||
if (new_owner && *new_owner)
|
||||
reload = true;
|
||||
}
|
||||
|
||||
if (reload) {
|
||||
VIR_DEBUG("Reload in bridge_driver because of firewalld.");
|
||||
networkReloadFirewallRules(driver, false);
|
||||
}
|
||||
|
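Review bot: The NameOwnerChanged branch decodes `name` and `old_owner` but never reads them, so the reload decision rests on `new_owner` alone. It is tied to firewalld only by whatever match rule was registered for this filter, which is not visible in this hunk. A libdbus filter is called for every message delivered on the connection, so if that connection also receives NameOwnerChanged for other bus names, any unrelated service start would trigger networkReloadFirewallRules(). I would pin the name in the handler itself: `if (STREQ_NULLABLE(name, "org.fedoraproject.FirewallD1") && new_owner && *new_owner)`, with a one-line comment naming the match rule the filter relies on. The function body starts before and continues after the hunk.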