[Libvir] [patch 7/9] Add support for lokkit
Daniel P. Berrange
berrange at redhat.com
Sat Jan 5 00:16:31 UTC 2008
On Fri, Jan 04, 2008 at 03:57:32PM +0000, Mark McLoughlin wrote:
> Add support for integrating our iptables support with Fedora's
> iptables configuration using the lokkit --custom-rules command.
>
> Basically, we write out our rules to /var/lib/libvirt/iptables
> and run lokkit --custom-rules so that if e.g. iptables is
> restarted or the user edits their firewall configuration, then
> libvirt's rules get reloaded.
Ahh, that's very nice to have.
> +dnl
> +dnl ensure that Fedora's system-config-firewall knows
> +dnl about libvirt's iptables rules
> +dnl
> +AC_ARG_ENABLE(iptables-lokkit,
> + AC_HELP_STRING([--enable-iptables-lokkit=no/yes],
> + [enable registering libvirt's iptables rules with Fedora's lokkit]),
> + [],[enable_iptables_lokkit=no])
> +if test x"$enable_iptables_lokkit" = x"yes"; then
> + AC_DEFINE(ENABLE_IPTABLES_LOKKIT, [], [whether support for Fedora's lokkit is enabled])
> + AC_PATH_PROG(LOKKIT_PATH, lokkit, /usr/sbin/lokkit)
> + AC_DEFINE_UNQUOTED(LOKKIT_PATH, "$LOKKIT_PATH", [path to lokkit binary])
> +fi
> +
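Review bot: the AC_PATH_PROG(LOKKIT_PATH, lokkit, /usr/sbin/lokkit) call inside the `if` block falls back to /usr/sbin/lokkit when nothing is found on PATH, so with --enable-iptables-lokkit=yes configure still succeeds and ENABLE_IPTABLES_LOKKIT is defined even if no lokkit binary exists. Consider dropping the default (or testing the result) and stopping with AC_MSG_ERROR when the program is missing. Because the detected path is compiled in through AC_DEFINE_UNQUOTED, it may also be worth passing an explicit search path as the fourth AC_PATH_PROG argument, so the result does not depend on the PATH of whoever runs configure.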
Could we make the configure script a little more clever so that it is
a tri-state and can auto-detect whether lokkit is available?
- enable_iptables_lokkit=no - force disable
- enable_iptables_lokkit=yes - check if it is supported, and error if not
- enable_iptables_lokkit=check - check if it is supported and enable or disable as needed
With 'check' being the default. This makes it 'do the right thing' by
default, and lets the user have a strict override if necessary.
ACK to the rest of the patch
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
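The tri-state behaviour proposed in the reply above, written as plain shell. This is an added example, not code from the patch or from libvirt's configure script; the function names `resolve_lokkit` and `find_in_dirs` and the list of search directories are assumptions.

```shell
#!/bin/sh
# Added example: tri-state resolution for --enable-iptables-lokkit.
# resolve_lokkit and find_in_dirs are hypothetical helper names.

# find_in_dirs PROG DIRS: print the first executable PROG found in the
# colon-separated DIRS; return 1 if none is found.
find_in_dirs() {
    prog=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$prog" ] && [ -x "$dir/$prog" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$prog"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# resolve_lokkit MODE DIRS: print "yes <path>" or "no"; return 1 on error.
resolve_lokkit() {
    mode=$1
    case $mode in
        no)
            # Forced off: do not even probe for the binary.
            echo "no"; return 0 ;;
        yes|check)
            if path=$(find_in_dirs lokkit "$2"); then
                echo "yes $path"; return 0
            fi
            # "yes" is a strict request, so a missing binary is fatal.
            if [ "$mode" = yes ]; then
                echo "error: lokkit requested but not found in $2" >&2
                return 1
            fi
            echo "no"; return 0 ;;
        *)
            echo "error: bad value '$mode' (want no/yes/check)" >&2
            return 1 ;;
    esac
}

# Stand-alone demonstration; the search directories are an assumption.
resolve_lokkit "${1:-check}" "/usr/sbin:/sbin:/usr/bin:/bin" || true
```

Searching a fixed directory list rather than the caller's PATH keeps the path that ends up compiled into the daemon independent of the build user's environment.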