At the time the version check in this function was written, there were
still several supported versions of some distros that were using a
version of firewalld too old to support the "rich rule priorities"
used by the 'libvirt' zone that we installed for firewalld. Today the
newest distro that has a version of firewalld < 0.7.0 is
RHEL7/CentOS7, so we can remove the complexity and if the libvirt zone
is missing simply say "the libvirt zone is missing".
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/bridge_driver_linux.c | 21 +++------------------
1 file changed, 3 insertions(+), 18 deletions(-)
diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
index a6203a712e..af758d4f3d 100644
--- a/src/network/bridge_driver_linux.c
+++ b/src/network/bridge_driver_linux.c
@@ -381,24 +381,9 @@ networkSetBridgeZone(virNetworkDef *def)
if (virFirewallDInterfaceSetZone(def->bridge, "libvirt")
< 0)
return -1;
} else {
- unsigned long long version;
- int vresult = virFirewallDGetVersion(&version);
-
- if (vresult < 0)
- return -1;
-
- /* Support for nftables backend was added in firewalld
- * 0.6.0. Support for rule priorities (required by the
- * 'libvirt' zone, which should be installed by a
- * libvirt package, *not* by firewalld) was not added
- * until firewalld 0.7.0 (unless it was backported).
- */
- if (version >= 6000 &&
- virFirewallDGetBackend() == VIR_FIREWALLD_BACKEND_NFTABLES) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("firewalld is set to use the nftables backend,
but the required firewalld 'libvirt' zone is missing. Either set the firewalld
backend to 'iptables', or ensure that firewalld has a 'libvirt' zone by
upgrading firewalld to a version supporting rule priorities (0.7.0+) and/or rebuilding
libvirt with --with-firewalld-zone"));
- return -1;
- }
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("firewalld can't find the 'libvirt'
zone that should have been installed with libvirt"));
+ return -1;
}
}
}
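Review bot: The new `virReportError()` / `return -1` in the `else` branch now runs whenever the 'libvirt' zone is absent, whereas the removed code failed only for `version >= 6000` with the nftables backend and otherwise fell through. Hosts on the iptables backend without the zone (for example a libvirt build that does not install it) will therefore start failing here, which the commit message does not spell out. Failing closed looks like the safer choice, since the bridge would otherwise never be assigned to the 'libvirt' zone and presumably stays under firewalld's default zone, but that rationale deserves a comment in place of the deleted one, e.g. `/* no 'libvirt' zone: refuse to start rather than leave the bridge in firewalld's default zone */`. The message also no longer names the interface or a remedy; including `def->bridge` in it would let an admin match the failure to a network. The conditions guarding this block and the rest of networkSetBridgeZone() lie outside the hunk, so the previous fall-through behaviour is inferred.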
--
2.46.0