When run non-root the nwfilter driver logs error messages about being unable to find iptables/ebtables commands (they are in /sbin which isn't in $PATH). The nwfilter driver can't ever work as non-root, so simply skip it entirely thus avoiding the error messages * src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c, src/nwfilter/nwfilter_gentech_driver.c, src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged' flag down to final driver impl * src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization if not privileged --- src/conf/nwfilter_conf.h | 2 +- src/nwfilter/nwfilter_driver.c | 2 +- src/nwfilter/nwfilter_ebiptables_driver.c | 9 ++++++--- src/nwfilter/nwfilter_gentech_driver.c | 6 +++--- src/nwfilter/nwfilter_gentech_driver.h | 2 +- 5 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h index 8f8383f..34ff399 100644 --- a/src/conf/nwfilter_conf.h +++ b/src/conf/nwfilter_conf.h @@ -502,7 +502,7 @@ struct domUpdateCBStruct { }; -typedef int (*virNWFilterTechDrvInit)(void); +typedef int (*virNWFilterTechDrvInit)(bool privileged); typedef void (*virNWFilterTechDrvShutdown)(void); enum virDomainNetType; diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index f903311..a579306 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -69,7 +69,7 @@ nwfilterDriverStartup(int privileged) { if (virNWFilterLearnInit() < 0) return -1; - virNWFilterTechDriversInit(); + virNWFilterTechDriversInit(privileged); if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB) < 0) goto conf_init_err; diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 1b8730d..39cd0f3 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c 
@@ -114,7 +114,7 @@ static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT; #define COMMENT_VARNAME "comment" static int ebtablesRemoveBasicRules(const char *ifname); -static int ebiptablesDriverInit(void); +static int ebiptablesDriverInit(bool privileged); static void ebiptablesDriverShutdown(void); static int ebtablesCleanAll(const char *ifname); static int ebiptablesAllTeardown(const char *ifname); @@ -3653,11 +3653,14 @@ virNWFilterTechDriver ebiptables_driver = { static int -ebiptablesDriverInit(void) +ebiptablesDriverInit(bool privileged) { virBuffer buf = VIR_BUFFER_INITIALIZER; int cli_status; + if (!privileged) + return 0; + if (virMutexInit(&execCLIMutex)) return EINVAL; @@ -3730,7 +3733,7 @@ ebiptablesDriverInit(void) static void -ebiptablesDriverShutdown() +ebiptablesDriverShutdown(void) { VIR_FREE(gawk_cmd_path); VIR_FREE(grep_cmd_path); diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c index e64c3ec..9ef3692 100644 --- a/src/nwfilter/nwfilter_gentech_driver.c +++ b/src/nwfilter/nwfilter_gentech_driver.c @@ -50,17 +50,17 @@ static virNWFilterTechDriverPtr filter_tech_drivers[] = { }; -void virNWFilterTechDriversInit() { +void virNWFilterTechDriversInit(bool privileged) { int i = 0; while (filter_tech_drivers[i]) { if (!(filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED)) - filter_tech_drivers[i]->init(); + filter_tech_drivers[i]->init(privileged); i++; } } -void virNWFilterTechDriversShutdown() { +void virNWFilterTechDriversShutdown(void) { int i = 0; while (filter_tech_drivers[i]) { if ((filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED)) diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h index c9dd4a1..271bf85 100644 --- a/src/nwfilter/nwfilter_gentech_driver.h +++ b/src/nwfilter/nwfilter_gentech_driver.h 
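Review bot: The early return added at the top of ebiptablesDriverInit, `if (!privileged) return 0;`, reports success although nothing has been set up, and nothing at the site says why. A short comment such as `/* ebtables/iptables need root; leave the driver uninitialized when running non-root */` would record the intent. Because execCLIMutex is never initialised on this path, it is worth confirming that TECHDRV_FLAG_INITIALIZED stays clear here and that the rule-applying entry points check it, so a filter request on an unprivileged daemon fails with an error instead of leaving the interface unfiltered. The rest of the function lies outside the hunk, so where the flag is set cannot be seen from here.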
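Review bot: In virNWFilterTechDriversInit the int returned by `filter_tech_drivers[i]->init(privileged)` is discarded, so a real failure of a privileged init (ebiptablesDriverInit returns EINVAL when virMutexInit fails) is as silent as the deliberate unprivileged skip. For a component that enforces network filtering that is worth surfacing: `if (filter_tech_drivers[i]->init(privileged) != 0)` followed by a warning log line, or a non-void return type so nwfilterDriverStartup can abort, would make the difference visible. Changing the return type would also touch the prototype in nwfilter_gentech_driver.h.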
@@ -28,7 +28,7 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name); int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res, void *data); -void virNWFilterTechDriversInit(void); +void virNWFilterTechDriversInit(bool privileged); void virNWFilterTechDriversShutdown(void); enum instCase { -- 1.7.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list