https://bugzilla.redhat.com/show_bug.cgi?id=1608275
Commit id 2870419eb (in part) added virGetConnectNWFilter to
allow opening drivers (interface, network, nwfilter, nodedev,
secret, and storage) based on context and commit id f14c37ce4c
started using the API; however, the nwfilterConnectOpen did
not handle session mode resulting in the following message
being logged when virDomainConfVMNWFilterTeardown was called
during the domain shutdown processing:
error : nwfilterConnectOpen:383 : internal error: unexpected
nwfilter URI path '/session', try nwfilter:///system
So similar to the other drivers add code in to check for
/session when not privileged.
Signed-off-by: John Ferlan <jferlan@redhat.com>
---
src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index ac3a964388..6c25293fd9 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -377,11 +377,20 @@ nwfilterConnectOpen(virConnectPtr conn,
return VIR_DRV_OPEN_ERROR;
}
- if (STRNEQ(conn->uri->path, "/system")) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
- conn->uri->path);
- return VIR_DRV_OPEN_ERROR;
+ if (driver->privileged) {
+ if (STRNEQ(conn->uri->path, "/system")) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unexpected nwfilter URI path '%s', try nwfilter:///system"),
+ conn->uri->path);
+ return VIR_DRV_OPEN_ERROR;
+ }
+ } else {
+ if (STRNEQ(conn->uri->path, "/session")) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("unexpected nwfilter URI path '%s', try nwfilter:///session"),
+ conn->uri->path);
+ return VIR_DRV_OPEN_ERROR;
+ }
}
if (virConnectOpenEnsureACL(conn) < 0)
--
2.17.1
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Aug 23, 2018 at 08:54:53AM -0400, John Ferlan wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1608275 > > Commit id 2870419eb (in part) added virGetConnectNWFilter to > allow opening drivers (interface, network, nwfilter, nodedev, > secret, and storage) based on context and commit id f14c37ce4c > started using the API; however, the nwfilterConnectOpen did > not handle session mode resulting in the following message > being logged when virDomainConfVMNWFilterTeardown was called > during the domain shutdown processing: > > error : nwfilterConnectOpen:383 : internal error: unexpected > nwfilter URI path '/session', try nwfilter:///system > > So similar to the other drivers add code in to check for > /session when not privileged. > > Signed-off-by: John Ferlan <jferlan@redhat.com> > --- > src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++----- > 1 file changed, 14 insertions(+), 5 deletions(-) > > diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c > index ac3a964388..6c25293fd9 100644 > --- a/src/nwfilter/nwfilter_driver.c > +++ b/src/nwfilter/nwfilter_driver.c > @@ -377,11 +377,20 @@ nwfilterConnectOpen(virConnectPtr conn, > return VIR_DRV_OPEN_ERROR; > } > > - if (STRNEQ(conn->uri->path, "/system")) { > - virReportError(VIR_ERR_INTERNAL_ERROR, > - _("unexpected nwfilter URI path '%s', try nwfilter:///system"), > - conn->uri->path); > - return VIR_DRV_OPEN_ERROR; > + if (driver->privileged) { > + if (STRNEQ(conn->uri->path, "/system")) { > + virReportError(VIR_ERR_INTERNAL_ERROR, > + _("unexpected nwfilter URI path '%s', try nwfilter:///system"), > + conn->uri->path); > + return VIR_DRV_OPEN_ERROR; > + } > + } else { > + if (STRNEQ(conn->uri->path, "/session")) { > + virReportError(VIR_ERR_INTERNAL_ERROR, > + _("unexpected nwfilter URI path '%s', try nwfilter:///session"), > + conn->uri->path); > + return VIR_DRV_OPEN_ERROR; > + } > } This isn't right - we should never open the driver in session mode - the nwfilterStateInitialize() method explicitly skips initialization in an unprivileged daemon because sesson mode is not supported. So I think we need to change the virt drivers to not blindly run this cleanup code in session mode. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.