From: Laine Stump Date: Thu, 21 May 2015 17:36:18 +0000 (-0400) Subject: util: better error message after failure to initialize firewall backend X-Git-Tag: v1.2.16-rc1~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9c53462fbaee15b9aa151cbd35fe906bdda1810;p=thirdparty%2Flibvirt.git util: better error message after failure to initialize firewall backend If the firewalld backend wasn't available and libvirt decides to try setting up a "direct" backend, it checks for the presence of iptables, ip6tables, and ebtables. If they are not found, a message like this is logged: error : virFirewallValidateBackend:193 : direct firewall backend requested, but /usr/sbin/ip6tables is not available: No such file or directory But then at a later time if an attempt is made to use the virFirewall API, failure will be indicated with: error : virFirewallApply:936 : out of memory This patch changes virFirewallApply to first check if a firewall backend hadn't been successfully setup, and logs a slightly more informative message in that case: error : virFirewallApply:940 : internal error: Failed to initialize a valid firewall backend This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1223876 --- diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index 2251f97bae..a972c05d5b 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -1,7 +1,7 @@ /* * virfirewall.c: integration with firewalls * - * Copyright (C) 2013, 2014 Red Hat, Inc. + * Copyright (C) 2013-2015 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -932,6 +932,14 @@ virFirewallApply(virFirewallPtr firewall) virMutexLock(&ruleLock); + if (currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC) { + /* a specific backend should have been set when the firewall + * object was created. If not, it means none was found. + */ + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Failed to initialize a valid firewall backend")); + goto cleanup; + } if (!firewall || firewall->err == ENOMEM) { virReportOOMError(); goto cleanup;