Commit b9dd878f caused a regression in iptables interaction by logging non-zero status at a higher level than VIR_INFO. Revert that portion of the commit, as well as adding a comment explaining why we check the status ourselves. Reported by Nehal J Wani. * src/util/viriptables.c (virIpTablesOnceInit): Undo log regression. Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> --- src/util/viriptables.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/util/viriptables.c b/src/util/viriptables.c index 9e03cc4..45f7789 100644 --- a/src/util/viriptables.c +++ b/src/util/viriptables.c @@ -60,6 +60,7 @@ static int virIpTablesOnceInit(void) { virCommandPtr cmd; + int status; #if HAVE_FIREWALLD firewall_cmd_path = virFindFileInPath("firewall-cmd"); @@ -70,7 +71,8 @@ virIpTablesOnceInit(void) cmd = virCommandNew(firewall_cmd_path); virCommandAddArgList(cmd, "--state", NULL); - if (virCommandRun(cmd, NULL) < 0) { + /* don't log non-zero status */ + if (virCommandRun(cmd, &status) < 0 || status != 0) { VIR_INFO("firewall-cmd found but disabled for iptables"); VIR_FREE(firewall_cmd_path); firewall_cmd_path = NULL; @@ -87,7 +89,8 @@ virIpTablesOnceInit(void) cmd = virCommandNew(IPTABLES_PATH); virCommandAddArgList(cmd, "-w", "-L", "-n", NULL); - if (virCommandRun(cmd, NULL) < 0) { + /* don't log non-zero status */ + if (virCommandRun(cmd, &status) < 0 || status != 0) { VIR_INFO("xtables locking not supported by your iptables"); } else { VIR_INFO("using xtables locking for iptables"); -- 1.8.5.3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list