Daniel Veillard <veillard@redhat.com> wrote on 03/30/2010 10:02:09 AM:


> > Index: libvirt-acl/configure.ac
> > ===================================================================
> > --- libvirt-acl.orig/configure.ac
> > +++ libvirt-acl/configure.ac
> > @@ -300,6 +300,9 @@ AC_DEFINE_UNQUOTED([BASH_PATH], "$BASH_P
> >  AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/
> sbin:$PATH])
> >  AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to
> iptables binary])
> >  
> > +AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/
> usr/sbin:$PATH])
> > +AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to
> ip6tables binary])
> > +
> >  AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/
> sbin:$PATH])
> >  AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to
> ebtables binary])
>
>   The patch looks fine, based on the existing code, but I'm a bit
> surprized by the fact that while there is a lookup for
> ip6tables/iptables at configure time, i.e. when it's compiled, there
> is no check at runtime to verify that the binaries which were detected
> then are actually available on the target.
>   I think some of this should be relaxed like we do for other commands
> launched at runtime and somehow we should instead use
>   virFindFileInPath() from util.h
> to find the location of the preferred ip[6]tables.

I created a patch using this function call now. It's a bit bigger than expected. Should I wait for after the next release?

   Stefan

>
>   ACK,
>
> Daniel
>
> --
> Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
> daniel@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
> http://veillard.com/ | virtualization library  http://libvirt.org/