[v2] configure: Remove build time checks for (ip|ip6|eb)tables

Message ID	9f305726023e7e2ca017d664150d01de3c8e05ba.1461440358.git.crobinso@redhat.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 209.132.183.24 as permitted sender) client-ip=209.132.183.24; From: Cole Robinson <crobinso@redhat.com> To: libvirt-list@redhat.com Date: Sat, 23 Apr 2016 15:39:38 -0400 Message-Id: <9f305726023e7e2ca017d664150d01de3c8e05ba.1461440358.git.crobinso@redhat.com> Cc: Andrea Bolognani <abologna@redhat.com>, Laine Stump <laine@laine.org> Subject: [libvirt] [PATCH v2] configure: Remove build time checks for (ip\|ip6\|eb)tables Precedence: junk MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com

diff --git a/configure.ac b/configure.ac index de5f430..35ae16e 100644 --- a/configure.ac +++ b/configure.ac @@ -694,18 +694,6 @@ if test x"$with_rhel5_api" = x"yes"; then AC_DEFINE([WITH_RHEL5_API], [1], [whether building for the RHEL-5 API]) fi -AC_PATH_PROG([IP_PATH], [ip], /sbin/ip, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IP_PATH], "$IP_PATH", [path to ip binary]) - -AC_PATH_PROG([IPTABLES_PATH], [iptables], /sbin/iptables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IPTABLES_PATH], "$IPTABLES_PATH", [path to iptables binary]) - -AC_PATH_PROG([IP6TABLES_PATH], [ip6tables], /sbin/ip6tables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([IP6TABLES_PATH], "$IP6TABLES_PATH", [path to ip6tables binary]) - -AC_PATH_PROG([EBTABLES_PATH], [ebtables], /sbin/ebtables, [/usr/sbin:$PATH]) -AC_DEFINE_UNQUOTED([EBTABLES_PATH], "$EBTABLES_PATH", [path to ebtables binary]) - dnl dnl Checks for the OpenVZ driver diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c index f26fd86..0c8e3bf 100644 --- a/src/util/virfirewall.c +++ b/src/util/virfirewall.c @@ -47,9 +47,9 @@ typedef virFirewallGroup *virFirewallGroupPtr; VIR_ENUM_DECL(virFirewallLayerCommand) VIR_ENUM_IMPL(virFirewallLayerCommand, VIR_FIREWALL_LAYER_LAST, - EBTABLES_PATH, - IPTABLES_PATH, - IP6TABLES_PATH); + "ebtables", + "iptables", + "ip6tables"); VIR_ENUM_DECL(virFirewallLayerFirewallD) VIR_ENUM_IMPL(virFirewallLayerFirewallD, VIR_FIREWALL_LAYER_LAST, @@ -134,13 +134,13 @@ static void virFirewallCheckUpdateLocking(void) { const char *iptablesArgs[] = { - IPTABLES_PATH, "-w", "-L", "-n", NULL, + "iptables", "-w", "-L", "-n", NULL, }; const char *ip6tablesArgs[] = { - IP6TABLES_PATH, "-w", "-L", "-n", NULL, + "ip6tables", "-w", "-L", "-n", NULL, }; const char *ebtablesArgs[] = { - EBTABLES_PATH, "--concurrent", "-L", NULL, + "ebtables", "--concurrent", "-L", NULL, }; if (lockOverride) return; @@ -182,17 +182,19 @@ virFirewallValidateBackend(virFirewallBackend backend) if (backend == VIR_FIREWALL_BACKEND_DIRECT) { const char *commands[] = { - IPTABLES_PATH, IP6TABLES_PATH, EBTABLES_PATH + "iptables", "ip6tables", "ebtables" }; size_t i; for (i = 0; i < ARRAY_CARDINALITY(commands); i++) { - if (!virFileIsExecutable(commands[i])) { + char *path = virFindFileInPath(commands[i]); + if (!path || !virFileIsExecutable(path)) { virReportSystemError(errno, _("direct firewall backend requested, but %s is not available"), commands[i]); return -1; } + VIR_FREE(path); } VIR_DEBUG("found iptables/ip6tables/ebtables, using direct backend"); } diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index bb17b84..75e45fd 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -1469,7 +1469,7 @@ int virNetDevSetIPAddress(const char *ifname, virCommandAddArgList(cmd, "broadcast", bcaststr, NULL); virCommandAddArg(cmd, "alias"); # else - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "addr", "add", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); if (peerstr) @@ -1506,7 +1506,7 @@ virNetDevAddRoute(const char *ifname, goto cleanup; if (!(gatewaystr = virSocketAddrFormat(gateway))) goto cleanup; - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "route", "add", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArgList(cmd, "via", gatewaystr, "dev", ifname, @@ -1544,7 +1544,7 @@ int virNetDevClearIPAddress(const char *ifname, virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArg(cmd, "-alias"); # else - cmd = virCommandNew(IP_PATH); + cmd = virCommandNew("ip"); virCommandAddArgList(cmd, "addr", "del", NULL); virCommandAddArgFormat(cmd, "%s/%u", addrstr, prefix); virCommandAddArgList(cmd, "dev", ifname, NULL); diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index f1f29c6..976e883 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -128,11 +128,11 @@ VIR_MOCK_WRAP_RET_ARGS(dbus_connection_send_with_reply_and_block, if (fwBuf) { if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IPTABLES_PATH); + virBufferAddLit(fwBuf, "iptables"); else if (STREQ(type, "ipv4")) - virBufferAddLit(fwBuf, IP6TABLES_PATH); + virBufferAddLit(fwBuf, "ip6tables"); else - virBufferAddLit(fwBuf, EBTABLES_PATH); + virBufferAddLit(fwBuf, "ebtables"); } for (i = 0; i < nargs; i++) { if (fwBuf) { @@ -204,8 +204,8 @@ testFirewallSingleGroup(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -263,8 +263,8 @@ testFirewallRemoveRule(const void *opaque) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; virFirewallRulePtr fwrule; @@ -329,10 +329,10 @@ testFirewallManyGroups(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -423,10 +423,10 @@ testFirewallIgnoreFailGroup(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -498,10 +498,10 @@ testFirewallIgnoreFailRule(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A OUTPUT --jump DROP\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -A OUTPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A OUTPUT --jump DROP\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -572,8 +572,8 @@ testFirewallNoRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -642,11 +642,11 @@ testFirewallSingleRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -732,10 +732,10 @@ testFirewallManyRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -825,14 +825,14 @@ testFirewallChainedRollback(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host 192.168.122.255 --jump REJECT\n" - IPTABLES_PATH " -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -A INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n" + "iptables -D INPUT --source-host 192.168.122.255 --jump REJECT\n" + "iptables -D INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; fwDisabled = data->fwDisabled; @@ -976,11 +976,11 @@ testFirewallQueryHook(const char *const*args, int *status, void *opaque ATTRIBUTE_UNUSED) { - if (STREQ(args[0], IPTABLES_PATH) && + if (STREQ(args[0], "iptables") && STREQ(args[1], "-L")) { if (VIR_STRDUP(*output, TEST_FILTER_TABLE_LIST) < 0) *status = 127; - } else if (STREQ(args[0], IPTABLES_PATH) && + } else if (STREQ(args[0], "iptables") && STREQ(args[1], "-t") && STREQ(args[2], "nat") && STREQ(args[3], "-L")) { @@ -1026,15 +1026,15 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) int ret = -1; const char *actual = NULL; const char *expected = - IPTABLES_PATH " -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.127 --jump REJECT\n" - IPTABLES_PATH " -L\n" - IPTABLES_PATH " -t nat -L\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.130 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host 192.168.122.128 --jump REJECT\n" - IPTABLES_PATH " -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; + "iptables -A INPUT --source-host 192.168.122.1 --jump ACCEPT\n" + "iptables -A INPUT --source-host 192.168.122.127 --jump REJECT\n" + "iptables -L\n" + "iptables -t nat -L\n" + "iptables -A INPUT --source-host 192.168.122.130 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.129' --jump REJECT\n" + "iptables -A INPUT --source-host 192.168.122.128 --jump REJECT\n" + "iptables -A INPUT --source-host '!192.168.122.1' --jump REJECT\n"; const struct testFirewallData *data = opaque; expectedLineNum = 0;

[v2] configure: Remove build time checks for (ip|ip6|eb)tables

Commit Message

Comments

Patch