When running tests in a restricted container (as opposed to a full OS install), we can't assume ebtables/iptbles/ip6tables are going to be installed. We must check this and mark the tests as skipped. Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx> --- tests/networkxml2firewalltest.c | 13 +++++++++++++ tests/nwfilterebiptablestest.c | 13 +++++++++++++ tests/nwfilterxml2firewalltest.c | 12 ++++++++++++ tests/virfirewalltest.c | 13 +++++++++++++ 4 files changed, 51 insertions(+) diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c index 58a9516..fed0e66 100644 --- a/tests/networkxml2firewalltest.c +++ b/tests/networkxml2firewalltest.c @@ -108,6 +108,14 @@ testCompareXMLToIPTablesHelper(const void *data) return result; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) @@ -131,6 +139,11 @@ mymain(void) virFirewallSetLockOverride(true); if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } + ret = -1; goto cleanup; } diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c index 4357133..6073423 100644 --- a/tests/nwfilterebiptablestest.c +++ b/tests/nwfilterebiptablestest.c @@ -517,6 +517,14 @@ testNWFilterEBIPTablesApplyDropAllRules(const void *opaque ATTRIBUTE_UNUSED) return ret; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) @@ -526,6 +534,11 @@ mymain(void) virFirewallSetLockOverride(true); if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } + ret = -1; goto cleanup; } diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c index 95ab46e..3d6e792 100644 --- a/tests/nwfilterxml2firewalltest.c +++ b/tests/nwfilterxml2firewalltest.c @@ -445,6 +445,14 @@ testCompareXMLToIPTablesHelper(const void *data) return result; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) @@ -468,6 +476,10 @@ mymain(void) virFirewallSetLockOverride(true); if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } ret = -1; goto cleanup; } diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 0f703a6..ac99b82 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -1123,11 +1123,24 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) return ret; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) { int ret = 0; + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } + # define RUN_TEST_DIRECT(name, method) \ do { \ struct testFirewallData data; \ -- 2.9.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list