On Mon, Feb 02, 2015 at 11:40:44AM +0800, Luyao Huang wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1188088
>
> When the firewalld is running and then start the libvirtd, libvirt
> will set the current backend as VIR_FIREWALL_BACKEND_FIREWALLD.
> But when firewalld is stop, we still try to use firewalld even it
> is stopped, this will make the vm which has nwfilter cannot start
> because systemd cannot find a running firewalld service.
>
> We already have a Dbus callback functions before, add a recheck for
> the validating backend in firewalld_dbus_filter_bridge and
> nwfilterFirewalldDBusFilter callback functions to help us dynamic
> change the validating backend.

NACK, this is not desirable IMHO. Just because firewalld is stopped
does not imply that it should not be used by libvirt. It may simply
be in the process of being restarted, either by the admin or due to
an RPM upgrade.

Switching a host between firewalld & non-firewalld management is
not something that is typically done - the decision to use firewalld
is something taken at time of initial provisioning. So I don't think
libvirt should optimize for that scenario. We should optimize for a
host always using one or the other exclusively and not try to
dynamically switch.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|