If neither iptables or nftables are present, and no explicit config
setting was made, skip network driver initialization, rather than
making it a hard error.
This allows libvirtd to carry on operating with the network driver
disabled, while ensuring virtnetworkd will shutdown.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/network/bridge_driver.c | 8 +++++++-
src/network/bridge_driver_conf.c | 8 ++++----
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 32572c755f..371bc2bae6 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -588,6 +588,7 @@ networkStateInitialize(bool privileged,
#ifdef WITH_FIREWALLD
GDBusConnection *sysbus = NULL;
#endif
+ int ret = VIR_DRV_STATE_INIT_ERROR;
if (root != NULL) {
virReportError(VIR_ERR_INVALID_ARG, "%s",
@@ -611,6 +612,11 @@ networkStateInitialize(bool privileged,
if (!(network_driver->config = cfg = virNetworkDriverConfigNew(privileged)))
goto error;
+ if (network_driver->config->firewallBackend == -1) {
+ ret = VIR_DRV_STATE_INIT_SKIPPED;
+ goto error;
+ }
+
if ((network_driver->lockFD =
virPidFileAcquire(cfg->stateDir, "driver", getpid())) < 0)
goto error;
@@ -689,7 +695,7 @@ networkStateInitialize(bool privileged,
error:
networkStateCleanup();
- return VIR_DRV_STATE_INIT_ERROR;
+ return ret;
}
diff --git a/src/network/bridge_driver_conf.c b/src/network/bridge_driver_conf.c
index e2f3613a41..f6c89ddddf 100644
--- a/src/network/bridge_driver_conf.c
+++ b/src/network/bridge_driver_conf.c
@@ -132,7 +132,7 @@ virNetworkLoadDriverConfig(virNetworkDriverConfig *cfg G_GNUC_UNUSED,
if (fwBackendSelected) {
VIR_INFO("using firewall_backend: '%s'",
virFirewallBackendTypeToString(cfg->firewallBackend));
- return 0;
+ return 1;
} else if (fwBackendStr) {
@@ -143,9 +143,9 @@ virNetworkLoadDriverConfig(virNetworkDriverConfig *cfg G_GNUC_UNUSED,
return -1;
} else {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("could not find a usable firewall backend"));
- return -1;
+ cfg->firewallBackend = -1;
+ VIR_ERROR(_("could not find a usable firewall backend"));
+ return 0;
}
}
--
2.45.1