[libvirt] [PATCH] Disable NWFilter driver completely when unprivileged

From: "Daniel P. Berrange" <berrange@redhat.com> Running libvirtd unprivileged results in a warning message from the NWFilter driver virNWFilterSnoopLeaseFileRefresh:1882 : open("/var/run/libvirt/network/nwfilter.ltmp"): No such file or directory Since it requires privileged network access, this driver should not even run when unprivileged. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/nwfilter/nwfilter_driver.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 58d91f9..9034549 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -68,6 +68,9 @@ static int nwfilterDriverStartup(int privileged) { char *base = NULL; + if (!privileged) + return 0; + if (virNWFilterIPAddrMapInit() < 0) return -1; if (virNWFilterLearnInit() < 0) -- 1.7.10.4
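Review bot: the early `return 0` for `!privileged` at the top of nwfilterDriverStartup() reports success while skipping every init call below it (virNWFilterIPAddrMapInit(), virNWFilterLearnInit() and the rest), and the diffstat shows this is the only function changed. Please confirm that the driver's other entry points tolerate state that was never set up, since nothing in this hunk guards them and an unprivileged libvirtd would otherwise reach them with the driver uninitialized. A one-line comment above the check saying that the driver needs privileged network access would also help, because that reason currently lives only in the commit message.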

On 20.07.2012 16:22, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Running libvirtd unprivileged results in a warning message from the NWFilter driver
virNWFilterSnoopLeaseFileRefresh:1882 : open("/var/run/libvirt/network/nwfilter.ltmp"): No such file or directory
Since it requires privileged network access, this driver should not even run when unprivileged.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/nwfilter/nwfilter_driver.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c index 58d91f9..9034549 100644 --- a/src/nwfilter/nwfilter_driver.c +++ b/src/nwfilter/nwfilter_driver.c @@ -68,6 +68,9 @@ static int nwfilterDriverStartup(int privileged) { char *base = NULL;
+ if (!privileged) + return 0; + if (virNWFilterIPAddrMapInit() < 0) return -1; if (virNWFilterLearnInit() < 0)
ACK
participants (2): Daniel P. Berrange, Michal Privoznik