It's unclear exactly why this check exists; possibly a parallel to a
long-removed check for the firewall-cmd binary (added to viriptables.c
with the initial support for firewalld in commit bf156385a03 in 2012,
and long since removed), or possibly because virFirewallOnceInit() was
intended to be called at daemon startup, and it seemed like a good
idea to just log this error once when trying to determine whether to
use firewalld, or direct iptables commands, and then not waste time
building commands that could never be executed. The odd thing is that
it would sometimes result in logging an error when it couldn't find a
binary that wasn't needed anyway (e.g., if all the rules were iptables
rules, but ebtables and/or ip6tables weren't also installed).
If we just remove this check, then virCommandRun() will end up logging
an error and failing if the needed binary isn't found when we try to
execute it, which seems like it should be just as good (or at least good
enough, especially since we eventually want to get rid of iptables
completely).
So let's remove it!
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/util/virfirewall.c | 25 -------------------------
1 file changed, 25 deletions(-)
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index f3172e5c96..1e6c667ee1 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -98,23 +98,6 @@ VIR_ONCE_GLOBAL_INIT(virFirewall);
static int
virFirewallValidateBackend(virFirewallBackend backend)
{
- const char *commands[] = {
- IPTABLES, IP6TABLES, EBTABLES
- };
- size_t i;
-
- for (i = 0; i < G_N_ELEMENTS(commands); i++) {
- g_autofree char *path = virFindFileInPath(commands[i]);
-
- if (!path) {
- virReportSystemError(errno,
- _("%s not available, firewall backend will not
function"),
- commands[i]);
- return -1;
- }
- }
- VIR_DEBUG("found iptables/ip6tables/ebtables");
-
if (backend == VIR_FIREWALL_BACKEND_AUTOMATIC ||
backend == VIR_FIREWALL_BACKEND_FIREWALLD) {
int rv = virFirewallDIsRegistered();
@@ -694,14 +677,6 @@ virFirewallApply(virFirewall *firewall)
virMutexLock(&ruleLock);
- if (currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC) {
- /* a specific backend should have been set when the firewall
- * object was created. If not, it means none was found.
- */
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Failed to initialize a valid firewall backend"));
- goto cleanup;
- }
if (!firewall || firewall->err) {
int err = EINVAL;
--
2.33.1