[libvirt] [PATCH] util: recheck the validating backend when the firewalld start/stop

Luyao Huang lhuang at redhat.com
Mon Feb 2 03:40:44 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1188088

When firewalld is running at the time libvirtd starts, libvirt sets
the current backend to VIR_FIREWALL_BACKEND_FIREWALLD. If firewalld is
later stopped, libvirt still tries to use it even though it is stopped,
so a VM that has an nwfilter cannot start because systemd cannot find
a running firewalld service.

We already have D-Bus callback functions, so add a recheck of the
validating backend to the firewalld_dbus_filter_bridge and
nwfilterFirewalldDBusFilter callbacks to dynamically change the
validating backend.

Signed-off-by: Luyao Huang <lhuang at redhat.com>
---
 src/libvirt_private.syms       | 1 +
 src/network/bridge_driver.c    | 6 ++++++
 src/nwfilter/nwfilter_driver.c | 6 ++++++
 src/util/virfirewall.c         | 8 ++++++++
 src/util/virfirewall.h         | 2 ++
 5 files changed, 23 insertions(+)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index f7f8ea2..dd953b2 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1386,6 +1386,7 @@ virFirewallAddRuleFull;
 virFirewallApply;
 virFirewallFree;
 virFirewallNew;
+virFirewallRecheckBackend;
 virFirewallRemoveRule;
 virFirewallRuleAddArg;
 virFirewallRuleAddArgFormat;
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index c56e8f2..c0e77e6 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -60,6 +60,7 @@
 #include "viruuid.h"
 #include "viriptables.h"
 #include "virlog.h"
+#include "virfirewall.h"
 #include "virdnsmasq.h"
 #include "configmake.h"
 #include "virnetdev.h"
@@ -448,6 +449,11 @@ firewalld_dbus_filter_bridge(DBusConnection *connection ATTRIBUTE_UNUSED,
                              DBusMessage *message, void *user_data ATTRIBUTE_UNUSED)
 {
     if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
+                               "NameOwnerChanged")) {
+        virFirewallRecheckBackend();
+    }
+
+    if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
                                "NameOwnerChanged") ||
         dbus_message_is_signal(message, "org.fedoraproject.FirewallD1",
                                "Reloaded"))
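Review bot: The return value of `virFirewallRecheckBackend()` is discarded in the block added at the top of firewalld_dbus_filter_bridge, so a failed re-validation is silent and the reload path below still runs against whatever backend state was left behind. Consider `if (virFirewallRecheckBackend() < 0) VIR_WARN("firewall backend recheck failed");` (the message text is only a suggestion) so an operator can see why network or nwfilter rules later fail to apply. The same unchecked call is added to nwfilterFirewalldDBusFilter in src/nwfilter/nwfilter_driver.c, and since both filters react to the same signal the recheck presumably runs twice per event. Whether NameOwnerChanged is restricted to the firewalld bus name depends on the match rule registered outside this hunk, and the function body continues past the hunk.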
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 8e3db43..5f8c48d 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -29,6 +29,7 @@
 
 #include "virdbus.h"
 #include "virlog.h"
+#include "virfirewall.h"
 
 #include "internal.h"
 
@@ -87,6 +88,11 @@ nwfilterFirewalldDBusFilter(DBusConnection *connection ATTRIBUTE_UNUSED,
                             void *user_data ATTRIBUTE_UNUSED)
 {
     if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
+                               "NameOwnerChanged")) {
+        virFirewallRecheckBackend();
+    }
+
+    if (dbus_message_is_signal(message, DBUS_INTERFACE_DBUS,
                                "NameOwnerChanged") ||
         dbus_message_is_signal(message, "org.fedoraproject.FirewallD1",
                                "Reloaded")) {
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index cd7afa5..ae00816 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -980,3 +980,11 @@ virFirewallApply(virFirewallPtr firewall)
     virMutexUnlock(&ruleLock);
     return ret;
 }
+
+int
+virFirewallRecheckBackend(void)
+{
+    currentBackend = VIR_FIREWALL_BACKEND_AUTOMATIC;
+
+    return virFirewallValidateBackend(currentBackend);
+}
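Review bot: `currentBackend` is written here without taking `ruleLock`, while virFirewallApply (whose tail is visible just above) holds that lock, so a D-Bus callback can flip the backend to AUTOMATIC while another thread is in the middle of applying rules. The reset also unconditionally overwrites whatever backend was in effect, including one that may have been selected explicitly rather than auto-detected, and if validation fails the variable is presumably left at AUTOMATIC. I would do the reset and validation under the lock as below, provided virFirewallValidateBackend does not take `ruleLock` itself (not visible in this hunk), and add a short comment above the function saying when callers should invoke it and what its return value means.

```c
int
virFirewallRecheckBackend(void)
{
    int ret;

    /* Serialize against virFirewallApply(), which reads currentBackend
     * while holding ruleLock. */
    virMutexLock(&ruleLock);
    currentBackend = VIR_FIREWALL_BACKEND_AUTOMATIC;
    ret = virFirewallValidateBackend(currentBackend);
    virMutexUnlock(&ruleLock);

    return ret;
}
```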
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index dbf3975..fa4bd8b 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -108,4 +108,6 @@ int virFirewallApply(virFirewallPtr firewall);
 
 void virFirewallSetLockOverride(bool avoid);
 
+int virFirewallRecheckBackend(void);
+
 #endif /* __VIR_FIREWALL_H__ */
-- 
1.8.3.1



