Avoid warnings from nwfilter driver when run non-root

When run non-root the nwfilter driver logs error messages about
being unable to find iptables/ebtables commands (they are in
/sbin which isn't in $PATH). The nwfilter driver can't ever work
as non-root, so simply skip it entirely thus avoiding the error
messages

* src/conf/nwfilter_conf.h, src/nwfilter/nwfilter_driver.c,
  src/nwfilter/nwfilter_gentech_driver.c,
  src/nwfilter/nwfilter_gentech_driver.h: Pass 'bool privileged'
  flag down to final driver impl
* src/nwfilter/nwfilter_ebiptables_driver.c: Skip initialization
  if not privileged

diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 8f8383f2c4dc045083f51eba7708162d6e68d95a..34ff399b8ad86519c9b43fc8cae344294fb1a092 100644 (file)
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -502,7 +502,7 @@ struct domUpdateCBStruct {
 };
 
 
-typedef int (*virNWFilterTechDrvInit)(void);
+typedef int (*virNWFilterTechDrvInit)(bool privileged);
 typedef void (*virNWFilterTechDrvShutdown)(void);
 
 enum virDomainNetType;

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index f9033117e8bd79ec41bed112a66547d131432543..a5793062dab3968e354621369d293ae447f77e74 100644 (file)
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -69,7 +69,7 @@ nwfilterDriverStartup(int privileged) {
     if (virNWFilterLearnInit() < 0)
         return -1;
 
-    virNWFilterTechDriversInit();
+    virNWFilterTechDriversInit(privileged);
 
     if (virNWFilterConfLayerInit(virNWFilterDomainFWUpdateCB) < 0)
         goto conf_init_err;

diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index 1b8730dc90efa214c7bc5d0aa839d8beb06f56a8..39cd0f3498ef457ecbeba399ce06ca675255fc3b 100644 (file)
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -114,7 +114,7 @@ static const char *m_physdev_out_str = "-m physdev " PHYSDEV_OUT;
 #define COMMENT_VARNAME "comment"
 
 static int ebtablesRemoveBasicRules(const char *ifname);
-static int ebiptablesDriverInit(void);
+static int ebiptablesDriverInit(bool privileged);
 static void ebiptablesDriverShutdown(void);
 static int ebtablesCleanAll(const char *ifname);
 static int ebiptablesAllTeardown(const char *ifname);
@@ -3653,11 +3653,14 @@ virNWFilterTechDriver ebiptables_driver = {
 
 
 static int
-ebiptablesDriverInit(void)
+ebiptablesDriverInit(bool privileged)
 {
     virBuffer buf = VIR_BUFFER_INITIALIZER;
     int cli_status;
 
+    if (!privileged)
+        return 0;
+
     if (virMutexInit(&execCLIMutex))
         return EINVAL;
 
@@ -3730,7 +3733,7 @@ ebiptablesDriverInit(void)
 
 
 static void
-ebiptablesDriverShutdown()
+ebiptablesDriverShutdown(void)
 {
     VIR_FREE(gawk_cmd_path);
     VIR_FREE(grep_cmd_path);

diff --git a/src/nwfilter/nwfilter_gentech_driver.c b/src/nwfilter/nwfilter_gentech_driver.c
index e64c3ec948532f1d7d06cc5f55d27a5d560187b8..9ef36925e1da1b9b3c3b88aa216101d376c8035b 100644 (file)
--- a/src/nwfilter/nwfilter_gentech_driver.c
+++ b/src/nwfilter/nwfilter_gentech_driver.c
@@ -50,17 +50,17 @@ static virNWFilterTechDriverPtr filter_tech_drivers[] = {
 };
 
 
-void virNWFilterTechDriversInit() {
+void virNWFilterTechDriversInit(bool privileged) {
     int i = 0;
     while (filter_tech_drivers[i]) {
         if (!(filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED))
-            filter_tech_drivers[i]->init();
+            filter_tech_drivers[i]->init(privileged);
         i++;
     }
 }
 
 
-void virNWFilterTechDriversShutdown() {
+void virNWFilterTechDriversShutdown(void) {
     int i = 0;
     while (filter_tech_drivers[i]) {
         if ((filter_tech_drivers[i]->flags & TECHDRV_FLAG_INITIALIZED))

diff --git a/src/nwfilter/nwfilter_gentech_driver.h b/src/nwfilter/nwfilter_gentech_driver.h
index c9dd4a1f1efad448d554ef43c6560e976efa80bf..271bf85616100af3e4652b7038e09d2607585be3 100644 (file)
--- a/src/nwfilter/nwfilter_gentech_driver.h
+++ b/src/nwfilter/nwfilter_gentech_driver.h
@@ -28,7 +28,7 @@ virNWFilterTechDriverPtr virNWFilterTechDriverForName(const char *name);
 int virNWFilterRuleInstAddData(virNWFilterRuleInstPtr res,
                                void *data);
 
-void virNWFilterTechDriversInit(void);
+void virNWFilterTechDriversInit(bool privileged);
 void virNWFilterTechDriversShutdown(void);
 
 enum instCase {