On a Monday in 2024, Laine Stump wrote:
While testing a recent patch that unsets the zone of bridge interfaces when a virtual network is stopped, a side effect was noticed: when firewalld reloaded its rules, this would result in an error log from libvirt complaining about attempting to unset the zone of an interface that wasn't in any zone.

The two patches here fix that from different angles:

* The first modifies the call to unsetZone so that it puts any error message returned from firewalld to libvirt into a virError object rather than logging it; this virError object is then silently discarded.

* The second avoids even calling firewalld to unset the zone if it's just going to immediately be set again. This avoids an error message that would be logged directly by firewalld even if libvirt didn't log the message it received from firewalld.

The combination of these two patches eliminates all misleading log messages about failed attempts to unset a zone.

Laine Stump (2):
  network: ignore/don't log errors when unsetting firewalld zone
  network: don't unset the firewalld zone if it's going to be immediately re-set

 src/network/bridge_driver.c          | 8 +++---
 src/network/bridge_driver_linux.c    | 10 +++++---
 src/network/bridge_driver_nop.c      | 4 +++-
 src/network/bridge_driver_platform.h | 3 ++-
 src/util/virfirewalld.c              | 33 ++++++++++++++++++----------
 src/util/virfirewalld.h              | 2 +-
 6 files changed, 38 insertions(+), 22 deletions(-)

Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx>

Jano