[libvirt] [PATCH] nwfilter: Handle opening for session
Daniel P. Berrangé
berrange at redhat.com
Fri Aug 24 10:26:47 UTC 2018
On Thu, Aug 23, 2018 at 08:54:53AM -0400, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1608275
>
> Commit id 2870419eb (in part) added virGetConnectNWFilter to
> allow opening drivers (interface, network, nwfilter, nodedev,
> secret, and storage) based on context and commit id f14c37ce4c
> started using the API; however, the nwfilterConnectOpen did
> not handle session mode resulting in the following message
> being logged when virDomainConfVMNWFilterTeardown was called
> during the domain shutdown processing:
>
> error : nwfilterConnectOpen:383 : internal error: unexpected
> nwfilter URI path '/session', try nwfilter:///system
>
> So similar to the other drivers add code in to check for
> /session when not privileged.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
> index ac3a964388..6c25293fd9 100644
> --- a/src/nwfilter/nwfilter_driver.c
> +++ b/src/nwfilter/nwfilter_driver.c
> @@ -377,11 +377,20 @@ nwfilterConnectOpen(virConnectPtr conn,
> return VIR_DRV_OPEN_ERROR;
> }
>
> - if (STRNEQ(conn->uri->path, "/system")) {
> - virReportError(VIR_ERR_INTERNAL_ERROR,
> - _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
> - conn->uri->path);
> - return VIR_DRV_OPEN_ERROR;
> + if (driver->privileged) {
> + if (STRNEQ(conn->uri->path, "/system")) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
> + conn->uri->path);
> + return VIR_DRV_OPEN_ERROR;
> + }
> + } else {
> + if (STRNEQ(conn->uri->path, "/session")) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("unexpected nwfilter URI path '%s', try nwfilter:///session"),
> + conn->uri->path);
> + return VIR_DRV_OPEN_ERROR;
> + }
> }
This isn't right - we should never open the driver in session mode - the
nwfilterStateInitialize() method explicitly skips initialization in an
unprivileged daemon because sesson mode is not supported.
So I think we need to change the virt drivers to not blindly run this
cleanup code in session mode.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list