When opening a new connection to the driver, nwfilterOpen only succeeds if the driverState has been allocated. Move the privilege check in driver initialization before the state allocation to disable the driver. This changes the nwfilter-define error from: error: cannot create config directory (null): Bad address To: this function is not supported by the connection driver: virNWFilterDefineXML https://bugzilla.redhat.com/show_bug.cgi?id=1029266 --- v1: https://www.redhat.com/archives/libvir-list/2013-November/msg00368.html v2: https://www.redhat.com/archives/libvir-list/2013-November/msg00374.html forbid everything instead of just virNWFilterDefineXML v3: cut a pair of holes into my brown paper bag src/nwfilter/nwfilter_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 6602d73..d521adf 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -174,6 +174,9 @@ nwfilterStateInitialize(bool privileged, char *base = NULL; DBusConnection *sysbus = NULL; + if (!privileged) + return 0; + #if WITH_DBUS if (virDBusHasSystemBus() && !(sysbus = virDBusGetSystemBus())) @@ -190,9 +193,6 @@ nwfilterStateInitialize(bool privileged, driverState->watchingFirewallD = (sysbus != NULL); driverState->privileged = privileged; - if (!privileged) - return 0; - nwfilterDriverLock(driverState); if (virNWFilterIPAddrMapInit() < 0)