
On Thu, Aug 23, 2018 at 08:54:53AM -0400, John Ferlan wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1608275
Commit id 2870419eb (in part) added virGetConnectNWFilter to allow opening drivers (interface, network, nwfilter, nodedev, secret, and storage) based on context and commit id f14c37ce4c started using the API; however, the nwfilterConnectOpen did not handle session mode resulting in the following message being logged when virDomainConfVMNWFilterTeardown was called during the domain shutdown processing:
error : nwfilterConnectOpen:383 : internal error: unexpected nwfilter URI path '/session', try nwfilter:///system
So similar to the other drivers add code in to check for /session when not privileged.
Signed-off-by: John Ferlan <jferlan@redhat.com> --- src/nwfilter/nwfilter_driver.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index ac3a964388..6c25293fd9 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -377,11 +377,20 @@ nwfilterConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; }
- if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected nwfilter URI path '%s', try nwfilter:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; + if (driver->privileged) { + if (STRNEQ(conn->uri->path, "/system")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected nwfilter URI path '%s', try nwfilter:///system"), + conn->uri->path); + return VIR_DRV_OPEN_ERROR; + } + } else { + if (STRNEQ(conn->uri->path, "/session")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected nwfilter URI path '%s', try nwfilter:///session"), + conn->uri->path); + return VIR_DRV_OPEN_ERROR; + } }
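Review bot: In the new `else` branch, an unprivileged driver now accepts `/session` and the open goes ahead, but nothing in the hunk confirms that the nwfilter driver state is actually usable when `driver->privileged` is false. If the driver does not support unprivileged operation, this branch should reject the open rather than accept the path. Separately, the two branches differ only in the expected path and in the hint inside the message, so they could be collapsed by selecting the expected path from `driver->privileged` and keeping a single `STRNEQ` check and a single `virReportError` call.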
This isn't right - we should never open the driver in session mode - the nwfilterStateInitialize() method explicitly skips initialization in an unprivileged daemon because session mode is not supported.

So I think we need to change the virt drivers to not blindly run this cleanup code in session mode.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|