Blame SOURCES/libvirt-util-always-check-for-ebtables-iptables-binaries-even-when-using-firewalld.patch

From 36a12736f39da72dba98b843def645e5e4ed0afb Mon Sep 17 00:00:00 2001
Message-Id: <36a12736f39da72dba98b843def645e5e4ed0afb@dist-git>
From: Laine Stump <laine@redhat.com>
Date: Fri, 15 Jan 2021 22:51:49 -0500
Subject: [PATCH] util: always check for ebtables/iptables binaries, even when
 using firewalld
Even though *we* don't call ebtables/iptables/ip6tables (yet) when the
firewalld backend is selected, firewalld does, so these binaries need
to be there; let's check for them. (Also, the patch after this one is
going to start execing those binaries directly rather than via
firewalld).
https://bugzilla.redhat.com/1607929
Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 56dd128bd06c38fab4256a098124d47d803e919a)
Message-Id: <20210116035151.1066734-7-laine@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/util/virfirewall.c | 56 ++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 30 deletions(-)
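diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index 2e3b02402e..520d515c11 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -100,24 +100,38 @@ VIR_ONCE_GLOBAL_INIT(virFirewall);
 static int
 virFirewallValidateBackend(virFirewallBackend backend)
 {
-    VIR_DEBUG("Validating backend %d", backend);
+    const char *commands[] = {
+        IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
+    };
+    size_t i;
+
+    for (i = 0; i < G_N_ELEMENTS(commands); i++) {
+        if (!virFileIsExecutable(commands[i])) {
+            virReportSystemError(errno,
+                                 _("%s not available, firewall backend will not function"),
+                                 commands[i]);
+            return -1;
+        }
+    }
+    VIR_DEBUG("found iptables/ip6tables/ebtables");
+
     if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC ||
         backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
         int rv = virFirewallDIsRegistered();
 
         VIR_DEBUG("Firewalld is registered ? %d", rv);
-        if (rv < 0) {
-            if (rv == -2) {
-                if (backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
-                    virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                                   _("firewalld firewall backend requested, but service is not running"));
-                    return -1;
-                } else {
-                    VIR_DEBUG("firewalld service not running, trying direct backend");
-                    backend = VIR_FIREWALL_BACKEND_DIRECT;
-                }
-            } else {
+
+        if (rv == -1)
+            return -1;
+
+        if (rv == -2) {
+            if (backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
+                virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                               _("firewalld backend requested, but service is not running"));
                 return -1;
+            } else {
+                VIR_DEBUG("firewalld service not running, using direct backend");
+                backend = VIR_FIREWALL_BACKEND_DIRECT;
             }
         } else {
             VIR_DEBUG("firewalld service running, using firewalld backend");
@@ -125,25 +139,7 @@ virFirewallValidateBackend(virFirewallBackend backend)
         }
     }
 
-    if (backend == VIR_FIREWALL_BACKEND_DIRECT) {
-        const char *commands[] = {
-            IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
-        };
-        size_t i;
-
-        for (i = 0; i < G_N_ELEMENTS(commands); i++) {
-            if (!virFileIsExecutable(commands[i])) {
-                virReportSystemError(errno,
-                                     _("direct firewall backend requested, but %s is not available"),
-                                     commands[i]);
-                return -1;
-            }
-        }
-        VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend");
-    }
-
     currentBackend = backend;
-
     return 0;
 }
 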
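Review bot: The rewritten firewalld check in the first hunk returns early only for `rv == -1`, whereas the old code failed on every negative value other than -2, so any other negative result from virFirewallDIsRegistered() would now fall through to the `else` branch and be logged as "firewalld service running". virFirewallDIsRegistered() is not visible here and may only ever return 0, -1 or -2, but writing the guard as `if (rv < 0 && rv != -2) return -1;` keeps the fail-closed behaviour at no cost. The binary check moved to the top of the function would also benefit from a short comment such as `/* firewalld itself runs these binaries, so they are required for every backend */`, since that reason currently lives only in the commit message. One line of the function between the two hunks is not shown.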
-- 
2.30.0