Signed-off-by: Eric Garver <eric@xxxxxxxxxxx> --- src/libvirt_private.syms | 1 + src/util/virfirewalld.c | 31 +++++++++++++++++++++++++++++++ src/util/virfirewalld.h | 1 + 3 files changed, 33 insertions(+) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 64d932e929eb..9ea3062f75e9 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2345,6 +2345,7 @@ virFirewallDGetVersion; virFirewallDGetZones; virFirewallDInterfaceSetZone; virFirewallDIsRegistered; +virFirewallDPolicyExists; virFirewallDSynchronize; virFirewallDZoneExists; diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c index 0912508dbc45..ad879164c3a8 100644 --- a/src/util/virfirewalld.c +++ b/src/util/virfirewalld.c @@ -296,6 +296,37 @@ virFirewallDZoneExists(const char *match) } +/** + * virFirewallDPolicyExists: + * @match: name of policy to look for + * + * Returns true if the requested policy exists, or false if it doesn't exist + */ +bool +virFirewallDPolicyExists(const char *match) +{ + size_t npolicies = 0, i; + char **policies = NULL; + bool result = false; + + if (virFirewallDGetPolicies(&policies, &npolicies) < 0) + goto cleanup; + + for (i = 0; i < npolicies; i++) { + if (STREQ_NULLABLE(policies[i], match)) + result = true; + } + + cleanup: + VIR_DEBUG("Requested policy '%s' %s exist", + match, result ? "does" : "doesn't"); + for (i = 0; i < npolicies; i++) + VIR_FREE(policies[i]); + VIR_FREE(policies); + return result; +} + + /** * virFirewallDApplyRule: * @layer: which layer to apply the rule to diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h index ef05896e2b8b..fa4c9e702ccb 100644 --- a/src/util/virfirewalld.h +++ b/src/util/virfirewalld.h @@ -35,6 +35,7 @@ int virFirewallDIsRegistered(void); int virFirewallDGetZones(char ***zones, size_t *nzones); int virFirewallDGetPolicies(char ***policies, size_t *npolicies); bool virFirewallDZoneExists(const char *match); +bool virFirewallDPolicyExists(const char *match); int virFirewallDApplyRule(virFirewallLayer layer, char **args, size_t argsLen, bool ignoreErrors, -- 2.35.3