From e8228a9e7971e4e22a3c89bf90ab648300d96a09 Mon Sep 17 00:00:00 2001
From: Laine Stump <laine@redhat.com>
Date: Mon, 21 Oct 2024 13:55:16 -0400
Subject: [PATCH] network: ignore/don't log errors when unsetting firewalld
 zone
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

The most common "error" when trying to unset the firewalld zone of an
interface is for firewalld to tell us that the interface already isn't
in any zone. Since this is what we want, no need to alarm the user by
logging it as an error.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: JÃ¡n Tomko <jtomko@redhat.com>
---
 src/util/virfirewalld.c | 33 ++++++++++++++++++++++-----------
 src/util/virfirewalld.h |  2 +-
 2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
index ca61ed5ac0..0a886780ad 100644
--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
@@ -449,26 +449,37 @@ virFirewallDInterfaceSetZone(const char *iface,
 }
 
 
-int
+void
 virFirewallDInterfaceUnsetZone(const char *iface)
 {
     GDBusConnection *sysbus = virGDBusGetSystemBus();
     g_autoptr(GVariant) message = NULL;
+    g_autoptr(virError) error = NULL;
 
     if (!sysbus)
-        return -1;
+        return;
+
+    /* we are sending virGDBusCallMethod an error object so that it
+     * will put the error message there rather than logging it,
+     * because we want to ignore any error as it doesn't matter - the
+     * most common "error" is to inform us that the interface is
+     * already not in any zone, and that is of course just fine, since
+     * that's what we're trying to do anyway. If there is an error,
+     * we'll just throw it away without logging it anywhere.
+     */
+    error = g_new0(virError, 1);
 
     message = g_variant_new("(ss)", "", iface);
 
-    return virGDBusCallMethod(sysbus,
-                              NULL,
-                              NULL,
-                              NULL,
-                              VIR_FIREWALL_FIREWALLD_SERVICE,
-                              "/org/fedoraproject/FirewallD1",
-                              "org.fedoraproject.FirewallD1.zone",
-                              "removeInterface",
-                              message);
+    virGDBusCallMethod(sysbus,
+                       NULL,
+                       NULL,
+                       error,
+                       VIR_FIREWALL_FIREWALLD_SERVICE,
+                       "/org/fedoraproject/FirewallD1",
+                       "org.fedoraproject.FirewallD1.zone",
+                       "removeInterface",
+                       message);
 }
 
 
diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h
index 0dbe66d435..43803ee89a 100644
--- a/src/util/virfirewalld.h
+++ b/src/util/virfirewalld.h
@@ -46,6 +46,6 @@ int virFirewallDApplyRule(virFirewallLayer layer,
 int virFirewallDInterfaceSetZone(const char *iface,
                                  const char *zone);
 
-int virFirewallDInterfaceUnsetZone(const char *iface);
+void virFirewallDInterfaceUnsetZone(const char *iface);
 
 void virFirewallDSynchronize(void);
-- 
2.47.2