Signed-off-by: Eric Garver <eric(a)garver.life>
---
src/libvirt_private.syms | 1 +
src/util/virfirewalld.c | 44 ++++++++++++++++++++++++++++++++++++++++
src/util/virfirewalld.h | 4 ++++
3 files changed, 49 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c5882c535210..8fddb9aad11b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2358,6 +2358,7 @@ virFirewallStartTransaction;
# util/virfirewalld.h
+virFirewallDApplyPolicyRichRules;
virFirewallDApplyRule;
virFirewallDGetBackend;
virFirewallDGetPolicies;
diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
index 07f9cdd1e485..9b3c1d84c48f 100644
--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
@@ -426,6 +426,50 @@ virFirewallDApplyRule(virFirewallLayer layer,
return 0;
}
+/**
+ * virFirewallDApplyPolicyRichRules:
+ * @policy: which policy to apply rules to
+ * @rules: rules to apply, array of strings
+ * @rules_count: number of rules in rules array
+ *
+ * Returns 0 on success, non-zero on failure
+ */
+int
+virFirewallDApplyPolicyRichRules(const char *policy,
+ const char **rules,
+ size_t rules_count)
+{
+ GDBusConnection *sysbus = virGDBusGetSystemBus();
+ g_autoptr(GVariant) message = NULL;
+ GVariant *array = NULL;
+ GVariantBuilder builder;
+ size_t i;
+
+ if (!sysbus)
+ return -1;
+
+ g_variant_builder_init(&builder, G_VARIANT_TYPE_STRING_ARRAY);
+ for (i = 0; i < rules_count; i++) {
+ g_variant_builder_add(&builder, "s", rules[i]);
+ }
+ array = g_variant_builder_end(&builder);
+
+ g_variant_builder_init(&builder, G_VARIANT_TYPE_VARDICT);
+ g_variant_builder_add(&builder, "{sv}", "rich_rules",
array);
+
+ message = g_variant_new("(sa{sv})", policy, &builder);
+
+ return virGDBusCallMethod(sysbus,
+ NULL,
+ NULL,
+ NULL,
+ VIR_FIREWALL_FIREWALLD_SERVICE,
+ "/org/fedoraproject/FirewallD1",
+ "org.fedoraproject.FirewallD1.policy",
+ "setPolicySettings",
+ message);
+}
+
int
virFirewallDInterfaceSetZone(const char *iface,
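Review bot: The doc comment on virFirewallDApplyPolicyRichRules does not say whether the call adds to the policy's rich rules or replaces them, which matters for a firewall helper. The function sends `rich_rules` through `setPolicySettings`. As far as I know, firewalld treats the supplied list as the complete runtime set for that key, so rules already on the policy but missing from @rules would be removed, and `rules_count == 0` would clear them all. Please confirm against firewalld and state it, e.g. `* Replaces the runtime rich rules of @policy with @rules; an empty array removes them all.` The strings in @rules reach firewalld verbatim, so the comment should also say that callers must build them from validated values, not from unchecked configuration text.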
diff --git a/src/util/virfirewalld.h b/src/util/virfirewalld.h
index 11aad7786dfb..9ff4e02e1d59 100644
--- a/src/util/virfirewalld.h
+++ b/src/util/virfirewalld.h
@@ -40,6 +40,10 @@ int virFirewallDApplyRule(virFirewallLayer layer,
char **args, size_t argsLen,
bool ignoreErrors,
char **output);
+int virFirewallDApplyPolicyRichRules(const char *policy,
+ const char **rules,
+ size_t rules_count);
+
int virFirewallDInterfaceSetZone(const char *iface,
const char *zone);
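Review bot: The new prototype gives no hint that @policy and every entry of @rules must be non-NULL. The implementation in virfirewalld.c passes them straight to the GVariant `s` format, which does not accept NULL. A short comment above the declaration, such as `/* @policy and each rules[i] must be non-NULL */`, would make the contract visible to callers. If this header already uses the project's non-null annotation macro elsewhere, applying it here would also let static analysis check the contract.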
--
2.37.3