Re: [libvirt] [PATCHv2] Disable nwfilter driver when running unprivileged
On Tue, Nov 12, 2013 at 01:29:39PM +0100, Ján Tomko wrote:
When running unprivileged, nwfilter state already skips
most of the initialization. Also forbid opening connections
to the nwfilter driver when unprivileged.
This changes the nwfilter-define error from:
error: cannot create config directory (null): Bad address
To:
this function is not supported by the connection driver:
virNWFilterDefineXML
https://bugzilla.redhat.com/show_bug.cgi?id=1029266
---
v1: https://www.redhat.com/archives/libvir-list/2013-November/msg00368.html
v2: forbid everything instead of just virNWFilterDefineXML
src/nwfilter/nwfilter_driver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index 6602d73..d6e492f 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -415,7 +415,7 @@ nwfilterOpen(virConnectPtr conn,
{
virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
- if (!driverState)
+ if (!driverState || !driverState->privileged)
return VIR_DRV_OPEN_DECLINED;
conn->nwfilterPrivateData = driverState;
The 'driverState' check alone is supposed to be sufficient. It looks
like 'driverState' isn't getting free'd when the 'privileged'
check
fails during global init. So that should be fixed
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|