[libvirt] [PATCH] Avoid warnings from nwfilter driver when run non-root

Laine Stump laine at laine.org
Thu Feb 10 13:04:00 UTC 2011 

On 02/10/2011 05:49 AM, Daniel P. Berrange wrote:
> When run non-root the nwfilter driver logs error messages about
> being unable to find iptables/ebtables commands (they are in
> /sbin which isn't in $PATH). The nwfilter driver can't ever work
> as non-root, so simply skip it entirely thus avoiding the error
> messages
>
> * src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c,
>    src/nwfilter/nwfilter_gentech_driver.c,
>    src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged'
>    flag down to final driver impl
> * src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization
>    if not privileged
> ---
>   src/conf/nwfilter_conf.h                  |    2 +-
>   src/nwfilter/nwfilter_driver.c            |    2 +-
>   src/nwfilter/nwfilter_ebiptables_driver.c |    9 ++++++---
>   src/nwfilter/nwfilter_gentech_driver.c    |    6 +++---
>   src/nwfilter/nwfilter_gentech_driver.h    |    2 +-
>   5 files changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
> index 8f8383f..34ff399 100644
> --- a/src/conf/nwfilter_conf.h
> +++ b/src/conf/nwfilter_conf.h
> @@ -502,7 +502,7 @@ struct domUpdateCBStruct {
>   };
>
>
> -typedef int (*virNWFilterTechDrvInit)(void);
> +typedef int (*virNWFilterTechDrvInit)(bool privileged);
>   typedef void (*virNWFilterTechDrvShutdown)(void);
>
>   enum virDomainNetType;
> diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
> index f903311..a579306 100644
> --- a/src/nwfilter/nwfilter_driver.c
> +++ b/src/nwfilter/nwfilter_driver.c
> @@ -69,7 +69,7 @@ nwfilterDriverStartup(int privileged) {
>       if (virNWFilterLearnInit()<  0)
>           return -1;
>
> -    virNWFilterTechDriversInit();
> +    virNWFilterTechDriversInit(privileged);
>
>       if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB)<  0)
>           goto conf_init_err;
> diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
> index 1b8730d..39cd0f3 100644
> --- a/src/nwfilter/nwfilter_ebiptables_driver.c
> +++ b/src/nwfilter/nwfilter_ebiptables_driver.c
> @@ -114,7 +114,7 @@ static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT;
>   #define COMMENT_VARNAME "comment"
>
>   static int ebtablesRemoveBasicRules(const char *ifname);
> -static int ebiptablesDriverInit(void);
> +static int ebiptablesDriverInit(bool privileged);
>   static void ebiptablesDriverShutdown(void);
>   static int ebtablesCleanAll(const char *ifname);
>   static int ebiptablesAllTeardown(const char *ifname);
> @@ -3653,11 +3653,14 @@ virNWFilterTechDriver ebiptables_driver = {
>
>
>   static int
> -ebiptablesDriverInit(void)
> +ebiptablesDriverInit(bool privileged)
>   {
>       virBuffer buf = VIR_BUFFER_INITIALIZER;
>       int cli_status;
>
> +    if (!privileged)
> +        return 0;
> +
>       if (virMutexInit(&execCLIMutex))
>           return EINVAL;
>
> @@ -3730,7 +3733,7 @@ ebiptablesDriverInit(void)
>
>
>   static void
> -ebiptablesDriverShutdown()
> +ebiptablesDriverShutdown(void)
>   {
>       VIR_FREE(gawk_cmd_path);
>       VIR_FREE(grep_cmd_path);
> diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
> index e64c3ec..9ef3692 100644
> --- a/src/nwfilter/nwfilter_gentech_driver.c
> +++ b/src/nwfilter/nwfilter_gentech_driver.c
> @@ -50,17 +50,17 @@ static virNWFilterTechDriverPtr filter_tech_drivers[] = {
>   };
>
>
> -void virNWFilterTechDriversInit() {
> +void virNWFilterTechDriversInit(bool privileged) {
>       int i = 0;
>       while (filter_tech_drivers[i]) {
>           if (!(filter_tech_drivers[i]->flags&  TECHDRV_FLAG_INITIALIZED))
> -            filter_tech_drivers[i]->init();
> +            filter_tech_drivers[i]->init(privileged);
>           i++;
>       }
>   }
>
>
> -void virNWFilterTechDriversShutdown() {
> +void virNWFilterTechDriversShutdown(void) {
>       int i = 0;
>       while (filter_tech_drivers[i]) {
>           if ((filter_tech_drivers[i]->flags&  TECHDRV_FLAG_INITIALIZED))
> diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
> index c9dd4a1..271bf85 100644
> --- a/src/nwfilter/nwfilter_gentech_driver.h
> +++ b/src/nwfilter/nwfilter_gentech_driver.h
> @@ -28,7 +28,7 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name);
>   int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res,
>                                  void *data);
>
> -void virNWFilterTechDriversInit(void);
> +void virNWFilterTechDriversInit(bool privileged);
>   void virNWFilterTechDriversShutdown(void);
>
>   enum instCase {

ACK

More information about the libvir-list mailing list