From: Eric Blake <eblake@redhat.com>
Date: Mon, 10 Mar 2014 21:56:44 +0000 (-0600)
Subject: iptables: don't log command probe failures
X-Git-Tag: v1.2.3-rc1~295
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e686ce8aa23d0d43e563c81d73a34631795ba4e1;p=thirdparty%2Flibvirt.git

iptables: don't log command probe failures

Commit b9dd878f caused a regression in iptables interaction by
logging non-zero status at a higher level than VIR_INFO.  Revert
that portion of the commit, as well as adding a comment explaining
why we check the status ourselves.

Reported by Nehal J Wani.

* src/util/viriptables.c (virIpTablesOnceInit): Undo log regression.

Signed-off-by: Eric Blake <eblake@redhat.com>
---

diff --git a/src/util/viriptables.c b/src/util/viriptables.c
index 9e03cc4014..45f7789ace 100644
--- a/src/util/viriptables.c
+++ b/src/util/viriptables.c
@@ -60,6 +60,7 @@ static int
 virIpTablesOnceInit(void)
 {
     virCommandPtr cmd;
+    int status;
 
 #if HAVE_FIREWALLD
     firewall_cmd_path = virFindFileInPath("firewall-cmd");
@@ -70,7 +71,8 @@ virIpTablesOnceInit(void)
         cmd = virCommandNew(firewall_cmd_path);
 
         virCommandAddArgList(cmd, "--state", NULL);
-        if (virCommandRun(cmd, NULL) < 0) {
+        /* don't log non-zero status */
+        if (virCommandRun(cmd, &status) < 0 || status != 0) {
             VIR_INFO("firewall-cmd found but disabled for iptables");
             VIR_FREE(firewall_cmd_path);
             firewall_cmd_path = NULL;
@@ -87,7 +89,8 @@ virIpTablesOnceInit(void)
 
     cmd = virCommandNew(IPTABLES_PATH);
     virCommandAddArgList(cmd, "-w", "-L", "-n", NULL);
-    if (virCommandRun(cmd, NULL) < 0) {
+    /* don't log non-zero status */
+    if (virCommandRun(cmd, &status) < 0 || status != 0) {
         VIR_INFO("xtables locking not supported by your iptables");
     } else {
         VIR_INFO("using xtables locking for iptables");