If the firewalld backend wasn't available and libvirt decides to try setting up a "direct" backend, it checks for the presence of iptables, ip6tables, and ebtables. If they are not found, a message like this is logged:

  error : virFirewallValidateBackend:193 : direct firewall backend requested, but /usr/sbin/ip6tables is not available: No such file or directory

But then at a later time if an attempt is made to use the virFirewall API, failure will be indicated with:

  error : virFirewallApply:936 : out of memory

This patch changes virFirewallApply to first check if a firewall backend hadn't been successfully set up, and logs a slightly more informative message in that case:

  error : virFirewallApply:940 : internal error: Failed to initialize a valid firewall backend

This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1223876

--- src/util/virfirewall.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index 2251f97..a972c05 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -1,7 +1,7 @@ /* * virfirewall.c: integration with firewalls * - * Copyright (C) 2013, 2014 Red Hat, Inc. + * Copyright (C) 2013-2015 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -932,6 +932,14 @@ virFirewallApply(virFirewallPtr firewall) virMutexLock(&ruleLock); + if (currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC) { + /* a specific backend should have been set when the firewall + * object was created. If not, it means none was found. + */ + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Failed to initialize a valid firewall backend")); + goto cleanup; + } if (!firewall || firewall->err == ENOMEM) { virReportOOMError(); goto cleanup; -- 2.1.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
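Review bot: In the virFirewallApply hunk, the new message "Failed to initialize a valid firewall backend" tells the operator that no backend exists but not why, while the useful detail (which of iptables, ip6tables or ebtables was missing) is only in the earlier virFirewallValidateBackend log line, which may be far from the point of failure. Consider extending the text to say that firewalld was unavailable and the direct backend's binaries were not found, or to point at the earlier log entry, so that a host left without working firewall rules is diagnosable from this error alone. Separately, the unchanged condition just below, `if (!firewall || firewall->err == ENOMEM)`, still reports a NULL firewall as out of memory; if any path other than the missing-backend case can reach virFirewallApply with a NULL object, it will keep producing the same misleading "out of memory" error this patch is meant to remove, so splitting the NULL check from the ENOMEM check would be worth doing here. As a style point, a blank line between the closing brace of the new block and that `if` would match the spacing of the surrounding code.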