And the 'ip' tool. There isn't much benefit to checking this at
configure time when we have infrastructure nowadays for looking up
binaries in the PATH
---
v2:
Keep the virFileIsExecutable check
configure.ac | 12 ------
src/util/virfirewall.c | 18 +++++----
src/util/virnetdev.c | 6 +--
tests/virfirewalltest.c | 98 ++++++++++++++++++++++++-------------------------
4 files changed, 62 insertions(+), 72 deletions(-)
diff --git a/configure.ac b/configure.ac
index de5f430..35ae16e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -694,18 +694,6 @@ if test x"$with_rhel5_api" = x"yes"; then
AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API])
fi
-AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary])
-
-AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables
binary])
-
-AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables
binary])
-
-AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH])
-AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables
binary])
-
dnl
dnl Checks for the OpenVZ driver
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index f26fd86..0c8e3bf 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -47,9 +47,9 @@ typedef virFirewallGroup *virFirewallGroupPtr;
VIR_ENUM_DECL(virFirewallLayerCommand)
VIR_ENUM_IMPL(virFirewallLayerCommand, VIR_FIREWALL_LAYER_LAST,
- EBTABLES_PATH,
- IPTABLES_PATH,
- IP6TABLES_PATH);
+ "ebtables",
+ "iptables",
+ "ip6tables");
VIR_ENUM_DECL(virFirewallLayerFirewallD)
VIR_ENUM_IMPL(virFirewallLayerFirewallD, VIR_FIREWALL_LAYER_LAST,
@@ -134,13 +134,13 @@ static void
virFirewallCheckUpdateLocking(void)
{
const char *iptablesArgs[] = {
- IPTABLES_PATH, "-w", "-L", "-n", NULL,
+ "iptables", "-w", "-L", "-n", NULL,
};
const char *ip6tablesArgs[] = {
- IP6TABLES_PATH, "-w", "-L", "-n", NULL,
+ "ip6tables", "-w", "-L", "-n", NULL,
};
const char *ebtablesArgs[] = {
- EBTABLES_PATH, "--concurrent", "-L", NULL,
+ "ebtables", "--concurrent", "-L", NULL,
};
if (lockOverride)
return;
@@ -182,17 +182,19 @@ virFirewallValidateBackend(virFirewallBackend backend)
if (backend == VIR_FIREWALL_BACKEND_DIRECT) {
const char *commands[] = {
- IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH
+ "iptables", "ip6tables", "ebtables"
};
size_t i;
for (i = 0; i < ARRAY_CARDINALITY(commands); i++) {
- if (!virFileIsExecutable(commands[i])) {
+ char *path = virFindFileInPath(commands[i]);
+ if (!path || !virFileIsExecutable(path)) {
virReportSystemError(errno,
_("direct firewall backend requested, but %s is
not available"),
commands[i]);
return -1;
}
+ VIR_FREE(path);
}
VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend");
}
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index bb17b84..75e45fd 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -1469,7 +1469,7 @@ int virNetDevSetIPAddress(const char *ifname,
virCommandAddArgList(cmd, "broadcast", bcaststr, NULL);
virCommandAddArg(cmd, "alias");
# else
- cmd = virCommandNew(IP_PATH);
+ cmd = virCommandNew("ip");
virCommandAddArgList(cmd, "addr", "add", NULL);
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
if (peerstr)
@@ -1506,7 +1506,7 @@ virNetDevAddRoute(const char *ifname,
goto cleanup;
if (!(gatewaystr = virSocketAddrFormat(gateway)))
goto cleanup;
- cmd = virCommandNew(IP_PATH);
+ cmd = virCommandNew("ip");
virCommandAddArgList(cmd, "route", "add", NULL);
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
virCommandAddArgList(cmd, "via", gatewaystr, "dev", ifname,
@@ -1544,7 +1544,7 @@ int virNetDevClearIPAddress(const char *ifname,
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
virCommandAddArg(cmd, "-alias");
# else
- cmd = virCommandNew(IP_PATH);
+ cmd = virCommandNew("ip");
virCommandAddArgList(cmd, "addr", "del", NULL);
virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix);
virCommandAddArgList(cmd, "dev", ifname, NULL);
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index f1f29c6..976e883 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -128,11 +128,11 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block,
if (fwBuf) {
if (STREQ(type, "ipv4"))
- virBufferAddLit(fwBuf, IPTABLES_PATH);
+ virBufferAddLit(fwBuf, "iptables");
else if (STREQ(type, "ipv4"))
- virBufferAddLit(fwBuf, IP6TABLES_PATH);
+ virBufferAddLit(fwBuf, "ip6tables");
else
- virBufferAddLit(fwBuf, EBTABLES_PATH);
+ virBufferAddLit(fwBuf, "ebtables");
}
for (i = 0; i < nargs; i++) {
if (fwBuf) {
@@ -204,8 +204,8 @@ testFirewallSingleGroup(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -263,8 +263,8 @@ testFirewallRemoveRule(const void *opaque)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
const struct testFirewallData *data = opaque;
virFirewallRulePtr fwrule;
@@ -329,10 +329,10 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n"
+ "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -423,10 +423,10 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -498,10 +498,10 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A OUTPUT --jump DROP\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A OUTPUT --jump DROP\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -572,8 +572,8 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -642,11 +642,11 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -732,10 +732,10 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -825,14 +825,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump
REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump
REJECT\n"
- IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n"
+ "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n"
+ "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n"
+ "iptables -D INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
const struct testFirewallData *data = opaque;
fwDisabled = data->fwDisabled;
@@ -976,11 +976,11 @@ testFirewallQueryHook(const char *const*args,
int *status,
void *opaque ATTRIBUTE_UNUSED)
{
- if (STREQ(args[0], IPTABLES_PATH) &&
+ if (STREQ(args[0], "iptables") &&
STREQ(args[1], "-L")) {
if (VIR_STRDUP(*output, TEST_FILTER_TABLE_LIST) < 0)
*status = 127;
- } else if (STREQ(args[0], IPTABLES_PATH) &&
+ } else if (STREQ(args[0], "iptables") &&
STREQ(args[1], "-t") &&
STREQ(args[2], "nat") &&
STREQ(args[3], "-L")) {
@@ -1026,15 +1026,15 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED)
int ret = -1;
const char *actual = NULL;
const char *expected =
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump
REJECT\n"
- IPTABLES_PATH " -L\n"
- IPTABLES_PATH " -t nat -L\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump
REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump
REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump
REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump
REJECT\n"
- IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
+ "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n"
+ "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n"
+ "iptables -L\n"
+ "iptables -t nat -L\n"
+ "iptables -A INPUT --source-host 192.168.122.130 --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.129' --jump
REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.129' --jump
REJECT\n"
+ "iptables -A INPUT --source-host 192.168.122.128 --jump REJECT\n"
+ "iptables -A INPUT --source-host '!192.168.122.1' --jump
REJECT\n";
const struct testFirewallData *data = opaque;
expectedLineNum = 0;
--
2.7.3