[libvirt] [PATCH 2/5] Prevent test failures with ebtables/iptables/ip6tables are missing
When running tests in a restricted container (as opposed to a full
OS install), we can't assume ebtables/iptbles/ip6tables are going
to be installed. We must check this and mark the tests as skipped.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tests/networkxml2firewalltest.c | 13 +++++++++++++
tests/nwfilterebiptablestest.c | 13 +++++++++++++
tests/nwfilterxml2firewalltest.c | 12 ++++++++++++
tests/virfirewalltest.c | 13 +++++++++++++
4 files changed, 51 insertions(+)
diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c
index 58a9516..fed0e66 100644
--- a/tests/networkxml2firewalltest.c
+++ b/tests/networkxml2firewalltest.c
@@ -108,6 +108,14 @@ testCompareXMLToIPTablesHelper(const void *data)
return result;
}
+static bool
+hasNetfilterTools(void)
+{
+ return virFileIsExecutable(IPTABLES_PATH) &&
+ virFileIsExecutable(IP6TABLES_PATH) &&
+ virFileIsExecutable(EBTABLES_PATH);
+}
+
static int
mymain(void)
@@ -131,6 +139,11 @@ mymain(void)
virFirewallSetLockOverride(true);
if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+ if (!hasNetfilterTools()) {
+ fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+ return EXIT_AM_SKIP;
+ }
+
ret = -1;
goto cleanup;
}
diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c
index 4357133..6073423 100644
--- a/tests/nwfilterebiptablestest.c
+++ b/tests/nwfilterebiptablestest.c
@@ -517,6 +517,14 @@ testNWFilterEBIPTablesApplyDropAllRules(const void *opaque
ATTRIBUTE_UNUSED)
return ret;
}
+static bool
+hasNetfilterTools(void)
+{
+ return virFileIsExecutable(IPTABLES_PATH) &&
+ virFileIsExecutable(IP6TABLES_PATH) &&
+ virFileIsExecutable(EBTABLES_PATH);
+}
+
static int
mymain(void)
@@ -526,6 +534,11 @@ mymain(void)
virFirewallSetLockOverride(true);
if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+ if (!hasNetfilterTools()) {
+ fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+ return EXIT_AM_SKIP;
+ }
+
ret = -1;
goto cleanup;
}
diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c
index 95ab46e..3d6e792 100644
--- a/tests/nwfilterxml2firewalltest.c
+++ b/tests/nwfilterxml2firewalltest.c
@@ -445,6 +445,14 @@ testCompareXMLToIPTablesHelper(const void *data)
return result;
}
+static bool
+hasNetfilterTools(void)
+{
+ return virFileIsExecutable(IPTABLES_PATH) &&
+ virFileIsExecutable(IP6TABLES_PATH) &&
+ virFileIsExecutable(EBTABLES_PATH);
+}
+
static int
mymain(void)
@@ -468,6 +476,10 @@ mymain(void)
virFirewallSetLockOverride(true);
if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
+ if (!hasNetfilterTools()) {
+ fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+ return EXIT_AM_SKIP;
+ }
ret = -1;
goto cleanup;
}
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index 0f703a6..ac99b82 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -1123,11 +1123,24 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
return ret;
}
+static bool
+hasNetfilterTools(void)
+{
+ return virFileIsExecutable(IPTABLES_PATH) &&
+ virFileIsExecutable(IP6TABLES_PATH) &&
+ virFileIsExecutable(EBTABLES_PATH);
+}
+
static int
mymain(void)
{
int ret = 0;
+ if (!hasNetfilterTools()) {
+ fprintf(stderr, "iptables/ip6tables/ebtables tools not present");
+ return EXIT_AM_SKIP;
+ }
+
# define RUN_TEST_DIRECT(name, method) \
do { \
struct testFirewallData data; \
--
2.9.3