If the firewalld backend wasn't available and libvirt decides to try
setting up a "direct" backend, it checks for the presence of iptables,
ip6tables, and ebtables. If they are not found, a message like this is logged:

  error : virFirewallValidateBackend:193 : direct firewall backend
  requested, but /usr/sbin/ip6tables is not available:
  No such file or directory

But then at a later time if an attempt is made to use the virFirewall
API, failure will be indicated with:

  error : virFirewallApply:936 : out of memory

This patch changes virFirewallApply to first check if a firewall
backend hadn't been successfully set up, and logs a slightly more
informative message in that case:

  error : virFirewallApply:940 : internal error:
  Failed to initialize a valid firewall backend

This resolves:

  https://bugzilla.redhat.com/show_bug.cgi?id=1223876
---
src/util/virfirewall.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index 2251f97..a972c05 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -1,7 +1,7 @@
/*
* virfirewall.c: integration with firewalls
*
- * Copyright (C) 2013, 2014 Red Hat, Inc.
+ * Copyright (C) 2013-2015 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -932,6 +932,14 @@ virFirewallApply(virFirewallPtr firewall)
virMutexLock(&ruleLock);
+ if (currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC) {
+ /* a specific backend should have been set when the firewall
+ * object was created. If not, it means none was found.
+ */
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Failed to initialize a valid firewall backend"));
+ goto cleanup;
+ }
if (!firewall || firewall->err == ENOMEM) {
virReportOOMError();
goto cleanup;
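Review bot: the message reported by the new currentBackend == VIR_FIREWALL_BACKEND_AUTOMATIC check at the top of virFirewallApply is generic, and the detail an administrator needs (which of iptables, ip6tables or ebtables was missing) exists only in the earlier virFirewallValidateBackend log line, which may be far back in the log by the time rules are applied. Consider having the error text point at that earlier message, or at least say so in the comment. The comment also states that the backend should have been set when the firewall object was created, so it is worth a sentence on why the failure is reported here rather than at creation; every caller that builds a firewall object still gets as far as apply before learning that no rules can be installed. Placing the check after virMutexLock(&ruleLock) and leaving through goto cleanup matches the OOM path below it; please confirm that cleanup returns failure on this path, so that a caller cannot treat unapplied rules as applied. Minor style point: the comment starts with a lower-case "a specific backend".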
--
2.1.0