On Fri, Jan 04, 2008 at 03:57:32PM +0000, Mark McLoughlin wrote:
Add support for integrating our iptables support with Fedora's
iptables configuration using the lokkit --custom-rules command.
Basically, we write out our rules to /var/lib/libvirt/iptables
and run lokkit --custom-rules so that if e.g. iptables is
restarted or the user edits their firewall configuration, then
libvirt's rules get reloaded.
Ahh, that's very nice to have.
+dnl
+dnl ensure that Fedora's system-config-firewall knows
+dnl about libvirt's iptables rules
+dnl
+AC_ARG_ENABLE(iptables-lokkit,
+ AC_HELP_STRING([--enable-iptables-lokkit=no/yes],
+ [enable registering libvirt's iptables rules with
Fedora's lokkit]),
+ [],[enable_iptables_lokkit=no])
+if test x"$enable_iptables_lokkit" = x"yes"; then
+ AC_DEFINE(ENABLE_IPTABLES_LOKKIT, [], [whether support for Fedora's lokkit is
enabled])
+ AC_PATH_PROG(LOKKIT_PATH, lokkit, /usr/sbin/lokkit)
+ AC_DEFINE_UNQUOTED(LOKKIT_PATH, "$LOKKIT_PATH", [path to lokkit binary])
+fi
+
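Review bot: AC_PATH_PROG(LOKKIT_PATH, lokkit, /usr/sbin/lokkit) falls back to /usr/sbin/lokkit when lokkit is not found, so --enable-iptables-lokkit=yes configures successfully on a host without lokkit and compiles in a path that was never checked to exist. Leave the not-found value empty and call AC_MSG_ERROR when LOKKIT_PATH is empty. The lookup also searches the build user's $PATH and the result is baked in through AC_DEFINE_UNQUOTED; because libvirt will execute that path, pass an explicit directory list as the fourth argument of AC_PATH_PROG (for example /usr/sbin:/sbin) so that a lokkit sitting earlier in a developer's PATH is not the one that gets compiled in.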
Could we make the configure script a little more clever so that it is
a tri-state and can auto-detect whether lokkit is available?
- enable_iptables_lokkit=no - force disable
- enable_iptables_lokkit=yes - check if it is supported, and error if not
- enable_iptables_lokkit=check - check if it is supported and enable or disable as needed
With 'check' being the default. This makes it 'do the right thing' by
default, and lets the user have a strict override if necessary.
ACK to the rest of the patch
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
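
The tri-state behaviour requested in the reply above, sketched as a configure.ac fragment. This is an added example, not part of the thread or of libvirt's configure script; it assumes "supported" means only that a lokkit binary is found (it does not probe for --custom-rules), and the fixed search path /usr/sbin:/sbin:$PATH is likewise an assumption.

```m4
dnl Added example: tri-state --enable-iptables-lokkit (no / yes / check).
dnl Assumption: "supported" == a lokkit binary is found on the search path.
AC_ARG_ENABLE([iptables-lokkit],
  [AC_HELP_STRING([--enable-iptables-lokkit=no/yes/check],
    [enable registering libvirt's iptables rules with Fedora's lokkit])],
  [], [enable_iptables_lokkit=check])

dnl Reject anything other than the three documented values.
case "$enable_iptables_lokkit" in
  yes|no|check) ;;
  *) AC_MSG_ERROR([bad value "$enable_iptables_lokkit" for --enable-iptables-lokkit]) ;;
esac

if test x"$enable_iptables_lokkit" != x"no"; then
  dnl Empty third argument: LOKKIT_PATH stays empty when lokkit is absent,
  dnl instead of silently falling back to a path that may not exist.
  dnl Fourth argument: system directories are searched before $PATH
  dnl (assumed search order for this example).
  AC_PATH_PROG([LOKKIT_PATH], [lokkit], [], [/usr/sbin:/sbin:$PATH])
  if test -z "$LOKKIT_PATH"; then
    dnl "yes" is the strict override: missing lokkit is a hard error.
    if test x"$enable_iptables_lokkit" = x"yes"; then
      AC_MSG_ERROR([--enable-iptables-lokkit=yes given but lokkit was not found])
    fi
    dnl "check" quietly disables the feature.
    enable_iptables_lokkit=no
  else
    enable_iptables_lokkit=yes
  fi
fi

dnl From here on the variable is strictly yes or no.
if test x"$enable_iptables_lokkit" = x"yes"; then
  AC_DEFINE([ENABLE_IPTABLES_LOKKIT], [], [whether support for Fedora's lokkit is enabled])
  AC_DEFINE_UNQUOTED([LOKKIT_PATH], ["$LOKKIT_PATH"], [path to lokkit binary])
fi
AC_MSG_NOTICE([iptables lokkit integration: $enable_iptables_lokkit])
```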