From nobody Mon Sep 16 19:22:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1716911469055932.3888942703951; Tue, 28 May 2024 08:51:09 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id E0DE31A52; Tue, 28 May 2024 11:51:07 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 146291B3E; Tue, 28 May 2024 11:49:34 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 9BA1F18E1; Tue, 28 May 2024 11:49:28 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id F1D9E1922 for ; Tue, 28 May 2024 11:49:27 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-427-1xcA6-9DN165qKyQ5u288Q-1; Tue, 28 May 2024 11:49:26 -0400 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D091129AA382 for ; Tue, 28 May 2024 15:49:25 +0000 (UTC) Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown [10.45.225.175]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DBD89402D8D; Tue, 28 May 2024 15:49:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1716911367; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=O+2Z4SaRuFlLinDEK9JXGG1oCW6C/E0ci9P9Ibt2swM=; b=T4HUfcjdMlqJQ8WpR8K/uSmRy7wQzewOT1427IVJhH2uyRkgnmSS64im9eqcg8mUxK/Z6j moVNoZaJNciz6FB+WWoXFRqohGwgmMnllWYw/IHQrTa/btVzg1FQXsYuafwTaNvY2l/k6G nkrE/dscDCtP6woaHorWSC98t9kww+E= X-MC-Unique: 1xcA6-9DN165qKyQ5u288Q-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 1/3] meson: Improve default firewall backend configuration Date: Tue, 28 May 2024 17:49:19 +0200 Message-ID: <20240528154922.366266-2-abologna@redhat.com> In-Reply-To: <20240528154922.366266-1-abologna@redhat.com> References: <20240528154922.366266-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: KHDECVXYUTJX5JSN6COMCYFA52A6YWLR X-Message-ID-Hash: KHDECVXYUTJX5JSN6COMCYFA52A6YWLR X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Laine Stump X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1716911469967100001 Content-Type: text/plain; charset="utf-8"; x-default="true" The current implementation requires users to configure the preference as such: -Dfirewall_backend_default_1=3Diptables -Dfirewall_backend_default_2=3Dnftables In addition to being more verbose than one would hope, there are several things that could go wrong. First of all, meson performs no validation on the provided values, so mistakes will only be caught by the compiler. Additionally, it's entirely possible to provide nonsensical combinations, such as repeating the same value twice. Change things so that the preference can now be configured as such: -Dfirewall_backend_priority=3Diptables,nftables Checks have been added to prevent invalid values from being accepted. Signed-off-by: Andrea Bolognani Reviewed-by: Laine Stump Reviewed-by: Pavel Hrdina --- meson.build | 16 +++++++++------- meson_options.txt | 3 +-- src/network/bridge_driver_conf.c | 6 +++++- src/network/meson.build | 6 ++++-- src/network/network.conf.in | 13 +++++++------ 5 files changed, 26 insertions(+), 18 deletions(-) diff --git a/meson.build b/meson.build index f67c3d2724..ed0e9686f8 100644 --- a/meson.build +++ b/meson.build @@ -1635,15 +1635,17 @@ endif =20 if not get_option('driver_network').disabled() and conf.has('WITH_LIBVIRTD= ') conf.set('WITH_NETWORK', 1) - firewall_backend_default_1 =3D get_option('firewall_backend_default_1') - firewall_backend_default_conf =3D firewall_backend_default_1 - firewall_backend_default_1 =3D 'VIR_FIREWALL_BACKEND_' + firewall_backen= d_default_1.to_upper() - conf.set('FIREWALL_BACKEND_DEFAULT_1', firewall_backend_default_1) =20 - firewall_backend_default_2 =3D get_option('firewall_backend_default_2') - firewall_backend_default_2 =3D 'VIR_FIREWALL_BACKEND_' + firewall_backen= d_default_2.to_upper() - conf.set('FIREWALL_BACKEND_DEFAULT_2', firewall_backend_default_2) + firewall_backend_priority =3D get_option('firewall_backend_priority') + if (not firewall_backend_priority.contains('nftables') or + not firewall_backend_priority.contains('iptables') or + firewall_backend_priority.length() !=3D 2) + error('invalid value for firewall_backend_priority option') + endif =20 + conf.set('FIREWALL_BACKEND_PRIORITY_0', 'VIR_FIREWALL_BACKEND_' + firewa= ll_backend_priority[0].to_upper()) + conf.set('FIREWALL_BACKEND_PRIORITY_1', 'VIR_FIREWALL_BACKEND_' + firewa= ll_backend_priority[1].to_upper()) + conf.set('FIREWALL_BACKEND_PRIORITY_NUM', firewall_backend_priority.leng= th()) elif get_option('driver_network').enabled() error('libvirtd must be enabled to build the network driver') endif diff --git a/meson_options.txt b/meson_options.txt index ad354a8668..8723d13231 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -115,8 +115,7 @@ option('dtrace', type: 'feature', value: 'auto', descri= ption: 'use dtrace for st option('firewalld', type: 'feature', value: 'auto', description: 'firewall= d support') # dep:firewalld option('firewalld_zone', type: 'feature', value: 'auto', description: 'whe= ther to install firewalld libvirt zone') -option('firewall_backend_default_1', type: 'string', value: 'nftables', de= scription: 'first firewall backend to try when none is specified') -option('firewall_backend_default_2', type: 'string', value: 'iptables', de= scription: 'second firewall backend to try when none is specified (and firs= t is unavailable)') +option('firewall_backend_priority', type: 'array', choices: ['nftables', '= iptables'], description: 'firewall backends to try, preferred ones first') option('host_validate', type: 'feature', value: 'auto', description: 'buil= d virt-host-validate') option('init_script', type: 'combo', choices: ['systemd', 'openrc', 'check= ', 'none'], value: 'check', description: 'Style of init script to install') option('loader_nvram', type: 'string', value: '', description: 'Pass list = of pairs of : paths. Both pairs and list items are separated= by a colon.') diff --git a/src/network/bridge_driver_conf.c b/src/network/bridge_driver_c= onf.c index 8f4956dace..e2f3613a41 100644 --- a/src/network/bridge_driver_conf.c +++ b/src/network/bridge_driver_conf.c @@ -67,8 +67,12 @@ virNetworkLoadDriverConfig(virNetworkDriverConfig *cfg G= _GNUC_UNUSED, g_autofree char *fwBackendStr =3D NULL; bool fwBackendSelected =3D false; size_t i; - int fwBackends[] =3D { FIREWALL_BACKEND_DEFAULT_1, FIREWALL_BACKEND_DE= FAULT_2 }; + int fwBackends[] =3D { + FIREWALL_BACKEND_PRIORITY_0, + FIREWALL_BACKEND_PRIORITY_1, + }; G_STATIC_ASSERT(G_N_ELEMENTS(fwBackends) =3D=3D VIR_FIREWALL_BACKEND_L= AST); + G_STATIC_ASSERT(G_N_ELEMENTS(fwBackends) =3D=3D FIREWALL_BACKEND_PRIOR= ITY_NUM); int nFwBackends =3D G_N_ELEMENTS(fwBackends); =20 if (access(filename, R_OK) =3D=3D 0) { diff --git a/src/network/meson.build b/src/network/meson.build index bf2893accc..07cd5cda55 100644 --- a/src/network/meson.build +++ b/src/network/meson.build @@ -51,7 +51,8 @@ if conf.has('WITH_NETWORK') } =20 network_options_conf =3D configuration_data({ - 'FIREWALL_BACKEND': firewall_backend_default_conf, + 'FIREWALL_BACKEND_PRIORITY': ', '.join(firewall_backend_priority), + 'FIREWALL_BACKEND': firewall_backend_priority[0], }) =20 network_conf =3D configure_file( @@ -61,7 +62,8 @@ if conf.has('WITH_NETWORK') ) =20 network_options_hack_conf =3D configuration_data({ - 'FIREWALL_BACKEND': firewall_backend_default_conf, + 'FIREWALL_BACKEND_PRIORITY': ', '.join(firewall_backend_priority), + 'FIREWALL_BACKEND': firewall_backend_priority[0], # This hack is necessary because the output file is going to be # used as input for another configure_file() call later, which # will take care of substituting @CONFIG@ with useful data diff --git a/src/network/network.conf.in b/src/network/network.conf.in index f579f39fcd..5ed64a04a5 100644 --- a/src/network/network.conf.in +++ b/src/network/network.conf.in @@ -12,12 +12,13 @@ # iptables - use iptables commands to construct the firewall # nftables - use nft commands to construct the firewall # -# If firewall_backend isn't set in this file, libvirt will -# prefer the @FIREWALL_BACKEND@ backend *if the necessary package. -# binary is installed*, otherwise it will look for the package/binary -# needed for the other backend and use that if available. If neither -# is available on the host, then the network driver will fail to -# start, and an error will be logged. +# If firewall_backend isn't configured, libvirt will choose the +# first available backend from the following list: +# +# [@FIREWALL_BACKEND_PRIORITY@] +# +# If no backend is available on the host, then the network driver +# will fail to start, and an error will be logged. # # (NB: switching from one backend to another while there are active # virtual networks *is* supported. The change will take place the --=20 2.45.1 From nobody Mon Sep 16 19:22:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1716911503121867.2248364674124; Tue, 28 May 2024 08:51:43 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id F30601A52; Tue, 28 May 2024 11:51:41 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 48F141A01; Tue, 28 May 2024 11:49:39 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 3F4F9196D; Tue, 28 May 2024 11:49:30 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 4438918E1 for ; Tue, 28 May 2024 11:49:29 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-267--iKtWiebPhWzPVD8yhyMWg-1; Tue, 28 May 2024 11:49:27 -0400 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E599B1C0512D for ; Tue, 28 May 2024 15:49:26 +0000 (UTC) Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown [10.45.225.175]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1F71440004D; Tue, 28 May 2024 15:49:25 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1716911369; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SPkx4jYtI/2+xaASIoPksiLV21/MHvM8KCPQ/lsunAU=; b=WeElHlNL/q3EkEuQVRxJAytZzHxswZS5tHSgl90AThZrLQElHNx8KCfPsm81BZ4FCkA6WL HW3z4eBOc+NOP0qCKPYX5Jt88nMDJf6YcXsu9nfzC596DEedDwf7yoAnyWA509TV5mxFsS rt5XZzJbE0l3dMyL5mcFjtRFX1p5sYg= X-MC-Unique: -iKtWiebPhWzPVD8yhyMWg-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 2/3] meson: Include firewall backend selection in summary Date: Tue, 28 May 2024 17:49:20 +0200 Message-ID: <20240528154922.366266-3-abologna@redhat.com> In-Reply-To: <20240528154922.366266-1-abologna@redhat.com> References: <20240528154922.366266-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: GVJD5R4SGQVO2NNATCRU63VFXQ7BEKMC X-Message-ID-Hash: GVJD5R4SGQVO2NNATCRU63VFXQ7BEKMC X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Laine Stump X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1716911503933100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Signed-off-by: Andrea Bolognani Reviewed-by: Laine Stump Reviewed-by: Pavel Hrdina --- meson.build | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meson.build b/meson.build index ed0e9686f8..e98ab0d5ac 100644 --- a/meson.build +++ b/meson.build @@ -2382,6 +2382,11 @@ misc_summary =3D { 'sysctl config': conf.has('WITH_SYSCTL'), 'userfaultfd sysctl': conf.has('WITH_USERFAULTFD_SYSCTL'), } +if conf.has('WITH_NETWORK') + misc_summary +=3D { + 'firewall backends': firewall_backend_priority, + } +endif summary(misc_summary, section: 'Miscellaneous', bool_yn: true, list_sep: '= ') =20 devtools_summary =3D { --=20 2.45.1 From nobody Mon Sep 16 19:22:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1716911533927510.0283452474082; Tue, 28 May 2024 08:52:13 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id CE18819FD; Tue, 28 May 2024 11:52:12 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id CF5611BCD; Tue, 28 May 2024 11:49:43 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 4332518E1; Tue, 28 May 2024 11:49:30 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id AE3EC196B for ; Tue, 28 May 2024 11:49:29 -0400 (EDT) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-669-ndWnJvZfOim-CAjMyaqj8A-1; Tue, 28 May 2024 11:49:28 -0400 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 066E780118E for ; Tue, 28 May 2024 15:49:28 +0000 (UTC) Received: from harajuku.usersys.redhat.com.homenet.telecomitalia.it (unknown [10.45.225.175]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3411C491032; Tue, 28 May 2024 15:49:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1716911369; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/xWCR+GAtNFhpipEmBeihRXzi4Rj5g4qC8KyF3TaQzQ=; b=eOTeMxVIOv9YF+LOcifYULvDxIp/p+pqSaRRf0MicFhynyVNhTXl0tadS8+St+nmoTZhFW 9UPCxWeN3olyxWK9emKiYg2iYIAliUbNaxivJFf5nErnH74unD8bWLanAAsKq8vHoY6Yd+ k323jE4h5DlsfjKnFTb4BsHupJjx46g= X-MC-Unique: ndWnJvZfOim-CAjMyaqj8A-1 From: Andrea Bolognani To: devel@lists.libvirt.org Subject: [PATCH 3/3] rpm: Configure firewall backends explicitly Date: Tue, 28 May 2024 17:49:21 +0200 Message-ID: <20240528154922.366266-4-abologna@redhat.com> In-Reply-To: <20240528154922.366266-1-abologna@redhat.com> References: <20240528154922.366266-1-abologna@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: DL3T6R5KAJPRE4X5K2B6XLMVTYNK55AX X-Message-ID-Hash: DL3T6R5KAJPRE4X5K2B6XLMVTYNK55AX X-MailFrom: abologna@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Laine Stump X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1716911538122100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Signed-off-by: Andrea Bolognani Reviewed-by: Laine Stump Reviewed-by: Pavel Hrdina --- libvirt.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index 6fb223c74a..4381dbe30c 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1387,6 +1387,7 @@ export SOURCE_DATE_EPOCH=3D$(stat --printf=3D'%Y' %{_= specdir}/libvirt.spec) %{?enable_werror} \ -Dexpensive_tests=3Denabled \ -Dinit_script=3Dsystemd \ + -Dfirewall_backend_priority=3Dnftables,iptables \ -Ddocs=3Denabled \ -Dtests=3Denabled \ -Drpath=3Ddisabled \ --=20 2.45.1