[libvirt] [PATCH v2 2/2] network: only reload firewall after firewalld is finished restarting

Daniel P. Berrangé berrange at redhat.com
Mon Apr 15 09:14:42 UTC 2019


On Fri, Apr 12, 2019 at 01:26:58PM -0400, Laine Stump wrote:
> The network driver used to reload the firewall rules whenever a dbus
> NameOwnerChanged message for org.fedoraproject.FirewallD1 was
> received. Presumably at some point in the past this was successful at
> reloading our rules after a firewalld restart. Recently though I
> noticed that once firewalld was restarted, libvirt's logs would get this
> message:
> 
>   The name org.fedoraproject.FirewallD1 was not provided by any .service files
> 
> After this point, no networks could be started until libvirtd itself
> was restarted.
> 
> The problem is that the NameOwnerChanged message is sent twice during
> a firewalld restart - once when the old firewalld is stopped, and
> again when the new firewalld is started. If we try to reload at the
> point the old firewalld is stopped, none of the firewalld dbus calls
> will succeed.
> 
> The solution is to check the new_owner field of the message - we
> should reload our firewall rules only if new_owner is non-empty (it is
> set to "" when firewalld is stopped, and some sort of epoch number
> when it is again started).
> 
> Signed-off-by: Laine Stump <laine at laine.org>
> ---
>  src/network/bridge_driver.c | 30 +++++++++++++++++++++++++-----
>  1 file changed, 25 insertions(+), 5 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
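
The check described in the quoted commit message, as an added example that is not part of the original mail and is not libvirt's code: it replays a firewalld restart and compares reloading on every NameOwnerChanged for org.fedoraproject.FirewallD1 with reloading only when new_owner is non-empty. The struct, the function names and the sample signal values are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIREWALLD_NAME "org.fedoraproject.FirewallD1"

/* Hypothetical model of the three string arguments of NameOwnerChanged. */
struct name_owner_changed { const char *name, *old_owner, *new_owner; };

/* Constructed sample: old firewalld stops, an unrelated name appears,
 * then the new firewalld starts. Owner values are made up. */
static const struct name_owner_changed RESTART_SEQUENCE[] = {
    { FIREWALLD_NAME,      ":1.10", ""      },
    { "org.example.Other", "",      ":1.41" },
    { FIREWALLD_NAME,      "",      ":1.42" },
};

static bool is_firewalld(const struct name_owner_changed *s)
{
    return s && s->name && strcmp(s->name, FIREWALLD_NAME) == 0;
}

/* Reload only when firewalld has (re)appeared: an empty new_owner means the
 * old firewalld just went away and its D-Bus calls cannot succeed yet. */
bool should_reload_firewall(const struct name_owner_changed *s)
{
    return is_firewalld(s) && s->new_owner && s->new_owner[0] != '\0';
}

struct replay_result { int reloads; int failed; };

/* Replay signals; a reload attempted while firewalld is absent counts as failed. */
struct replay_result replay(const struct name_owner_changed *sigs, size_t n,
                            bool check_new_owner)
{
    struct replay_result r = { 0, 0 };
    bool firewalld_up = true;
    for (size_t i = 0; i < n; i++) {
        if (is_firewalld(&sigs[i]))
            firewalld_up = sigs[i].new_owner && sigs[i].new_owner[0] != '\0';
        if (check_new_owner ? should_reload_firewall(&sigs[i]) : is_firewalld(&sigs[i])) {
            r.reloads++;
            r.failed += firewalld_up ? 0 : 1;
        }
    }
    return r;
}

int main(void)
{
    struct replay_result old = replay(RESTART_SEQUENCE, 3, false);
    struct replay_result fixed = replay(RESTART_SEQUENCE, 3, true);
    printf("old: %d reloads, %d failed; fixed: %d reloads, %d failed\n",
           old.reloads, old.failed, fixed.reloads, fixed.failed);
    return 0;
}
```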