Re: [PATCH 1/3] meson: Improve default firewall backend configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/28/24 12:59 PM, Andrea Bolognani wrote:
On Tue, May 28, 2024 at 12:50:51PM GMT, Laine Stump wrote:
On 5/28/24 12:31 PM, Pavel Hrdina wrote:
On Tue, May 28, 2024 at 05:49:19PM +0200, Andrea Bolognani wrote:
+  if (not firewall_backend_priority.contains('nftables') or
+      not firewall_backend_priority.contains('iptables') or
+      firewall_backend_priority.length() != 2)

No need to have a check for specific values. Meson will already check if
they are from the list of choices defined in meson_options.txt .

But we don't just need to check that the values in the list are all valid
options; we also want to make sure that nobody has entered the same value
multiple times (which this ends up doing by making sure that there is at
least one entry for each valid value, and that the list is the same length
as the number of valid values).

Yes, that was exactly the idea.

Or do we not care if someone repeats the same value? Maybe somebody wants to
include iptables support in the build, but not look for it automatically
(instead only use it if it's explicitly requested in network.conf). One way
of doing that would be to sent firewall_backend_priority = nftables,nftables

(that does seem a bit obtuse; perhaps it would be better to allow limiting
the length of the option list to 1)

If that's something that we want to allow, then we should include
explicit support for it rather than make it possible through obscure
runes :)

Agreed. Just trying to come up with a valid advantage for not checking that all values are present :-)

I'm not sure we really need to bother, but I don't feel strongly
either way so I could be persuaded to look into it. Perhaps as an
after-release follow up, though?

Seeing that we could all change our opinion tomorrow, my choice would be to push what you currently have and then discuss tweaks later. The important thing that needs to be gotten correct from the beginning is the basic public "API", and I think the way you have it is solid, and none of these details will affect that.


+option('firewall_backend_priority', type: 'array', choices: ['nftables', 'iptables'], description: 'firewall backends to try, preferred ones first')

What about "order of firewall backends to try"? The part "preferred ones
first" sounds strange to me.

Sure, that works too.




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux