https://bugzilla.redhat.com/show_bug.cgi?id=1188088 When the firewalld is running and then start the libvirtd, libvirt will set the current backend as VIR_FIREWALL_BACKEND_FIREWALLD. But when firewalld is stop, we still try to use firewalld even it is stopped, this will make the vm which has nwfilter cannot start because systemd cannot find a running firewalld service. We already have a Dbus callback functions before, add a recheck for the validating backend in firewalld_dbus_filter_bridge and nwfilterFirewalldDBusFilter callback functions to help us dynamic change the validating backend.
Signed-off-by: Luyao Huang <lhuang@xxxxxxxxxx>
---
 src/libvirt_private.syms | 1 +
 src/network/bridge_driver.c | 6 ++++++
 src/nwfilter/nwfilter_driver.c | 6 ++++++
 src/util/virfirewall.c | 8 ++++++++
 src/util/virfirewall.h | 2 ++
 5 files changed, 23 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index f7f8ea2..dd953b2 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1386,6 +1386,7 @@ virFirewallAddRuleFull;
 virFirewallApply;
 virFirewallFree;
 virFirewallNew;
+virFirewallRecheckBackend;
 virFirewallRemoveRule;
 virFirewallRuleAddArg;
 virFirewallRuleAddArgFormat;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index c56e8f2..c0e77e6 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -60,6 +60,7 @@
 #include "viruuid.h"
 #include "viriptables.h"
 #include "virlog.h"
+#include "virfirewall.h"
 #include "virdnsmasq.h"
 #include "configmake.h"
 #include "virnetdev.h"
@@ -448,6 +449,11 @@ firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED,
 DBusMessage *message, void *user_data ATTRIBUTE_UNUSED)
 {
 if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
+ "NameOwnerChanged")) {
+ virFirewallRecheckBackend();
+ }
+
+ if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
 "NameOwnerChanged") ||
 dbus_message_is_signal(message, "org.fedoraproject.FirewallD1",
 "Reloaded"))
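Review bot: The result of `virFirewallRecheckBackend()` is thrown away in the new block of firewalld_dbus_filter_bridge, so if re-validation fails the second `if` still goes on to reload rules with whatever backend state was left behind, and nothing is logged; the identical block added to nwfilterFirewalldDBusFilter in src/nwfilter/nwfilter_driver.c has the same gap. Assuming the usual negative-on-error convention, check it and at least warn, e.g. `if (virFirewallRecheckBackend() < 0) VIR_WARN("firewall backend re-detection failed");` (the message text is only a suggestion). The two consecutive tests of `NameOwnerChanged` could also be folded so the recheck runs inside the existing condition's body. Neither test looks at which bus name changed owner, so unless the match rule registered outside this hunk is restricted to the firewalld name, every owner change on the bus re-runs detection. The function body continues past the end of the hunk.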
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 8e3db43..5f8c48d 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -29,6 +29,7 @@
 #include "virdbus.h"
 #include "virlog.h"
+#include "virfirewall.h"
 #include "internal.h"
@@ -87,6 +88,11 @@ nwfilterFirewalldDBusFilter(DBusConnection *connection ATTRIBUTE_UNUSED,
 void *user_data ATTRIBUTE_UNUSED)
 {
 if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
+ "NameOwnerChanged")) {
+ virFirewallRecheckBackend();
+ }
+
+ if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
 "NameOwnerChanged") ||
 dbus_message_is_signal(message, "org.fedoraproject.FirewallD1",
 "Reloaded")) {
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index cd7afa5..ae00816 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -980,3 +980,11 @@ virFirewallApply(virFirewallPtr firewall)
 virMutexUnlock(&ruleLock);
 return ret;
 }
+
+int
+virFirewallRecheckBackend(void)
+{
+ currentBackend = VIR_FIREWALL_BACKEND_AUTOMATIC;
+
+ return virFirewallValidateBackend(currentBackend);
+}
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index dbf3975..fa4bd8b 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -108,4 +108,6 @@ int virFirewallApply(virFirewallPtr firewall);
 void virFirewallSetLockOverride(bool avoid);
+int virFirewallRecheckBackend(void);
+
 #endif /* __VIR_FIREWALL_H__ */
-- 1.8.3.1 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
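Review bot: `virFirewallRecheckBackend()` in src/util/virfirewall.c writes `currentBackend` with no lock held, although the context lines directly above show virFirewallApply() working under `ruleLock`; it is called from D-Bus filter callbacks in two drivers, so a rule application running on another thread could presumably see the transient `VIR_FIREWALL_BACKEND_AUTOMATIC` value or switch backends midway through a rule set. Wrap the reset and validation in `virMutexLock(&ruleLock);` / `virMutexUnlock(&ruleLock);`, after confirming virFirewallValidateBackend() does not take that mutex itself. Forcing AUTOMATIC also drops any backend that was selected explicitly earlier, which should be either preserved or stated in a comment. The function has no doc comment; suggest `/* Re-detect the firewall backend after firewalld starts or stops; returns the result of virFirewallValidateBackend(). */` above it.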