[libvirt] [PATCH 2/5] Prevent test failures with ebtables/iptables/ip6tables are missing

Daniel P. Berrange berrange at redhat.com
Fri Apr 7 15:39:16 UTC 2017


When running tests in a restricted container (as opposed to a full
OS install), we can't assume ebtables/iptbles/ip6tables are going
to be installed. We must check this and mark the tests as skipped.

Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
---
 tests/networkxml2firewalltest.c  | 13 +++++++++++++
 tests/nwfilterebiptablestest.c   | 13 +++++++++++++
 tests/nwfilterxml2firewalltest.c | 12 ++++++++++++
 tests/virfirewalltest.c          | 13 +++++++++++++
 4 files changed, 51 insertions(+)

diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c
index 58a9516..fed0e66 100644
--- a/tests/networkxml2firewalltest.c
+++ b/tests/networkxml2firewalltest.c
@@ -108,6 +108,14 @@ testCompareXMLToIPTablesHelper(const void *data)
     return result;
 }
 
+static bool
+hasNetfilterTools(void)
+{
+    return virFileIsExecutable(IPTABLES_PATH) &&
+        virFileIsExecutable(IP6TABLES_PATH) &&
+        virFileIsExecutable(EBTABLES_PATH);
+}
+
 
 static int
 mymain(void)
@@ -131,6 +139,11 @@ mymain(void)
     virFirewallSetLockOverride(true);
 
     if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+        if (!hasNetfilterTools()) {
+            fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+            return EXIT_AM_SKIP;
+        }
+
         ret = -1;
         goto cleanup;
     }
diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c
index 4357133..6073423 100644
--- a/tests/nwfilterebiptablestest.c
+++ b/tests/nwfilterebiptablestest.c
@@ -517,6 +517,14 @@ testNWFilterEBIPTablesApplyDropAllRules(const void *opaque ATTRIBUTE_UNUSED)
     return ret;
 }
 
+static bool
+hasNetfilterTools(void)
+{
+    return virFileIsExecutable(IPTABLES_PATH) &&
+        virFileIsExecutable(IP6TABLES_PATH) &&
+        virFileIsExecutable(EBTABLES_PATH);
+}
+
 
 static int
 mymain(void)
@@ -526,6 +534,11 @@ mymain(void)
     virFirewallSetLockOverride(true);
 
     if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+        if (!hasNetfilterTools()) {
+            fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+            return EXIT_AM_SKIP;
+        }
+
         ret = -1;
         goto cleanup;
     }
diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c
index 95ab46e..3d6e792 100644
--- a/tests/nwfilterxml2firewalltest.c
+++ b/tests/nwfilterxml2firewalltest.c
@@ -445,6 +445,14 @@ testCompareXMLToIPTablesHelper(const void *data)
     return result;
 }
 
+static bool
+hasNetfilterTools(void)
+{
+    return virFileIsExecutable(IPTABLES_PATH) &&
+        virFileIsExecutable(IP6TABLES_PATH) &&
+        virFileIsExecutable(EBTABLES_PATH);
+}
+
 
 static int
 mymain(void)
@@ -468,6 +476,10 @@ mymain(void)
     virFirewallSetLockOverride(true);
 
     if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+        if (!hasNetfilterTools()) {
+            fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+            return EXIT_AM_SKIP;
+        }
         ret = -1;
         goto cleanup;
     }
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index 0f703a6..ac99b82 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -1123,11 +1123,24 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
     return ret;
 }
 
+static bool
+hasNetfilterTools(void)
+{
+    return virFileIsExecutable(IPTABLES_PATH) &&
+        virFileIsExecutable(IP6TABLES_PATH) &&
+        virFileIsExecutable(EBTABLES_PATH);
+}
+
 static int
 mymain(void)
 {
     int ret = 0;
 
+    if (!hasNetfilterTools()) {
+        fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+        return EXIT_AM_SKIP;
+    }
+
 # define RUN_TEST_DIRECT(name, method)                                  \
     do {                                                                \
         struct testFirewallData data;                                   \
-- 
2.9.3




More information about the libvir-list mailing list