[libvirt] [PATCHv2] Disable nwfilter driver when running unprivileged

When running unprivileged, nwfilter state already skips most of the initialization. Also forbid opening connections to the nwfilter driver when unprivileged. This changes the nwfilter-define error from: error: cannot create config directory (null): Bad address To: this function is not supported by the connection driver: virNWFilterDefineXML https://bugzilla.redhat.com/show_bug.cgi?id=1029266 --- v1: https://www.redhat.com/archives/libvir-list/2013-November/msg00368.html v2: forbid everything instead of just virNWFilterDefineXML src/nwfilter/nwfilter_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 6602d73..d6e492f 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -415,7 +415,7 @@ nwfilterOpen(virConnectPtr conn, { virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); - if (!driverState) + if (!driverState || !driverState->privileged) return VIR_DRV_OPEN_DECLINED; conn->nwfilterPrivateData = driverState; -- 1.8.3.2
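Review bot: the added `!driverState->privileged` test in nwfilterOpen means driverState is still non-NULL in an unprivileged daemon, although the commit message says most of its initialization is skipped there, so any other path that tests only `driverState` would see a live but partially initialized object. Releasing and clearing driverState at the point where initialization is skipped would let the existing `if (!driverState)` check return VIR_DRV_OPEN_DECLINED on its own. If the state has to be kept, a comment at this check saying why would help.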

On Tue, Nov 12, 2013 at 01:29:39PM +0100, Ján Tomko wrote:
When running unprivileged, nwfilter state already skips most of the initialization. Also forbid opening connections to the nwfilter driver when unprivileged.
This changes the nwfilter-define error from: error: cannot create config directory (null): Bad address To: this function is not supported by the connection driver: virNWFilterDefineXML
https://bugzilla.redhat.com/show_bug.cgi?id=1029266 --- v1: https://www.redhat.com/archives/libvir-list/2013-November/msg00368.html v2: forbid everything instead of just virNWFilterDefineXML
src/nwfilter/nwfilter_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 6602d73..d6e492f 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -415,7 +415,7 @@ nwfilterOpen(virConnectPtr conn, { virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR);
- if (!driverState) + if (!driverState || !driverState->privileged) return VIR_DRV_OPEN_DECLINED;
conn->nwfilterPrivateData = driverState;
The 'driverState' check alone is supposed to be sufficient. It looks like 'driverState' isn't getting free'd when the 'privileged' check fails during global init. So that should be fixed.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

participants (2)
- Daniel P. Berrange
- Ján Tomko