[PATCH 1/2] network: skip network driver init if no firewall backend is present

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Tue, 11 Jun 2024 17:47:57 +0100

If neither iptables or nftables are present, and no explicit config
setting was made, skip network driver initialization, rather than
making it a hard error.

This allows libvirtd to carry on operating with the network driver
disabled, while ensuring virtnetworkd will shutdown.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 src/network/bridge_driver.c      | 8 +++++++-
 src/network/bridge_driver_conf.c | 8 ++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 32572c755f..371bc2bae6 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -588,6 +588,7 @@ networkStateInitialize(bool privileged,
 #ifdef WITH_FIREWALLD
     GDBusConnection *sysbus = NULL;
 #endif
+    int ret = VIR_DRV_STATE_INIT_ERROR;
 
     if (root != NULL) {
         virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -611,6 +612,11 @@ networkStateInitialize(bool privileged,
     if (!(network_driver->config = cfg = virNetworkDriverConfigNew(privileged)))
         goto error;
 
+    if (network_driver->config->firewallBackend == -1) {
+        ret = VIR_DRV_STATE_INIT_SKIPPED;
+        goto error;
+    }
+
     if ((network_driver->lockFD =
          virPidFileAcquire(cfg->stateDir, "driver", getpid())) < 0)
         goto error;
@@ -689,7 +695,7 @@ networkStateInitialize(bool privileged,
 
  error:
     networkStateCleanup();
-    return VIR_DRV_STATE_INIT_ERROR;
+    return ret;
 }
 
 
diff --git a/src/network/bridge_driver_conf.c b/src/network/bridge_driver_conf.c
index e2f3613a41..f6c89ddddf 100644
--- a/src/network/bridge_driver_conf.c
+++ b/src/network/bridge_driver_conf.c
@@ -132,7 +132,7 @@ virNetworkLoadDriverConfig(virNetworkDriverConfig *cfg G_GNUC_UNUSED,
     if (fwBackendSelected) {
         VIR_INFO("using firewall_backend: '%s'",
                  virFirewallBackendTypeToString(cfg->firewallBackend));
-        return 0;
+        return 1;
 
     } else if (fwBackendStr) {
 
@@ -143,9 +143,9 @@ virNetworkLoadDriverConfig(virNetworkDriverConfig *cfg G_GNUC_UNUSED,
         return -1;
 
     } else {
-        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                       _("could not find a usable firewall backend"));
-        return -1;
+        cfg->firewallBackend = -1;
+        VIR_ERROR(_("could not find a usable firewall backend"));
+        return 0;
     }
 }
 
-- 
2.45.1







