
On Fri, Dec 14, 2012 at 08:06:49PM +0800, Gao feng wrote:
On 2012/12/01 04:26, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
+ case VIR_DOMAIN_NET_TYPE_NETWORK: {
+ virNetworkPtr network;
+ char *brname = NULL;
+ bool fail = false;
+ int active;
+ virErrorPtr errobj;
+
+ if (!(network = virNetworkLookupByName(conn,
+ net->data.network.name)))
+ goto cleanup;
+
+ active = virNetworkIsActive(network);
+ if (active != 1) {
+ fail = true;
+ if (active == 0)
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Network '%s' is not active."),
+ net->data.network.name);
+ }
+
+ if (!fail) {
+ brname = virNetworkGetBridgeName(network);
+ if (brname == NULL)
+ fail = true;
+ }
+
+ /* Make sure any above failure is preserved */
+ errobj = virSaveLastError();
+ virNetworkFree(network);
+ virSetError(errobj);
+ virFreeError(errobj);
+
+ if (fail)
+ goto cleanup;
+
+ if (!(veth = virLXCProcessSetupInterfaceBridged(conn,
+ vm->def,
+ net,
+ brname))) {
+ VIR_FREE(brname);
+ goto cleanup;
+ }
+ VIR_FREE(brname);
+ } break;
+ case VIR_DOMAIN_NET_TYPE_DIRECT: {
+ if (!(veth = virLXCProcessSetupInterfaceDirect(conn,
+ vm->def,
+ net)))
+ goto cleanup;
+ } break;
+ default:
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Network device type is not supported"));
+ goto cleanup;
+ }
+
+ if (virNetDevSetNamespace(veth, priv->initpid) < 0) {
+ virDomainAuditNet(vm, NULL, net, "attach", false);
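Review bot: In the `VIR_DOMAIN_NET_TYPE_NETWORK` case an inactive network is reported as `VIR_ERR_INTERNAL_ERROR`, although it is a state the caller can cause and fix rather than a driver fault. Something like `virReportError(VIR_ERR_OPERATION_INVALID, _("Network '%s' is not active."), net->data.network.name);` would let clients and log triage tell it apart from a real internal error. The comment above `virSaveLastError()` could also say why the save/restore is needed, e.g. `/* virNetworkFree() may reset the last error; keep the one raised above */`. The enclosing switch and the `if (virNetDevSetNamespace(...) < 0)` block both continue outside the quoted hunk, so the handling of `veth` after a failed namespace move cannot be judged from here.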
Maybe it's better to move failed audit to the cleanup path.
I only wanted the audit message to be logged in the cases where we've actually tried to give the device to the container. Basically if the set namespace fails only. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|