From: Laine Stump <laine@redhat.com>
Date: Mon, 21 Oct 2024 17:55:16 +0000 (-0400)
Subject: network: ignore/don't log errors when unsetting firewalld zone
X-Git-Tag: v10.9.0-rc1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8228a9e7971e4e22a3c89bf90ab648300d96a09;p=thirdparty%2Flibvirt.git

network: ignore/don't log errors when unsetting firewalld zone

The most common "error" when trying to unset the firewalld zone of an
interface is for firewalld to tell us that the interface already isn't
in any zone. Since this is what we want, no need to alarm the user by
logging it as an error.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---

diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
index ca61ed5ac0..0a886780ad 100644
--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
@@ -449,26 +449,37 @@ virFirewallDInterfaceSetZone(const char *iface,
 }
 
 
-int
+void
 virFirewallDInterfaceUnsetZone(const char *iface)
 {
     GDBusConnection *sysbus = virGDBusGetSystemBus();
     g_autoptr(GVariant) message = NULL;
+    g_autoptr(virError) error = NULL;
 
     if (!sysbus)
-        return -1;
+        return;
+
+    /* we are sending virGDBusCallMethod an error object so that it
+     * will put the error message there rather than logging it,
+     * because we want to ignore any error as it doesn't matter - the
+     * most common "error" is to inform us that the interface is
+     * already not in any zone, and that is of course just fine, since
+     * that's what we're trying to do anyway. If there is an error,
+     * we'll just throw it away without logging it anywhere.
+     */
+    error = g_new0(virError, 1);
 
     message = g_variant_new("(ss)", "", iface);
 
-    return virGDBusCallMethod(sysbus,
-                              NULL,
-                              NULL,
-                              NULL,
-                              VIR_FIREWALL_FIREWALLD_SERVICE,
-                              "/org/fedoraproject/FirewallD1",
-                              "org.fedoraproject.FirewallD1.zone",
-                              "removeInterface",
-                              message);
+    virGDBusCallMethod(sysbus,
+                       NULL,
+                       NULL,
+                       error,
+                       VIR_FIREWALL_FIREWALLD_SERVICE,
+                       "/org/fedoraproject/FirewallD1",
+                       "org.fedoraproject.FirewallD1.zone",
+                       "removeInterface",
+                       message);
 }
 
 
diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h
index 0dbe66d435..43803ee89a 100644
--- a/src/util/virfirewalld.h
+++ b/src/util/virfirewalld.h
@@ -46,6 +46,6 @@ int virFirewallDApplyRule(virFirewallLayer layer,
 int virFirewallDInterfaceSetZone(const char *iface,
                                  const char *zone);
 
-int virFirewallDInterfaceUnsetZone(const char *iface);
+void virFirewallDInterfaceUnsetZone(const char *iface);
 
 void virFirewallDSynchronize(void);