From: Daniel P. Berrangé
To: devel@lists.libvirt.org
Cc: Daniel P. Berrangé
Subject: [PATCH 2/2] network: don't attempt to initialize if non-privileged
Date: Tue, 11 Jun 2024 17:47:58 +0100
Message-ID: <20240611164758.1036695-3-berrange@redhat.com>
In-Reply-To: <20240611164758.1036695-1-berrange@redhat.com>

Running any of the firewall tools is unsupported when non-root. Rather than attempt to initialize the driver, which will then be unusable, just skip initialization entirely and decline startup. This allows libvirtd to carry on operating with the network driver disabled, while ensuring virtnetworkd will shut down.

Signed-off-by: Daniel P. Berrangé
Reviewed-by: Laine Stump

--- src/network/bridge_driver.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 371bc2bae6..ce69c56464 100644 --- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c @@ -596,6 +596,12 @@ networkStateInitialize(bool privileged, return -1; } =20 + /* Can't manipulate the firewall when non-root */ + if (!privileged) { + ret =3D VIR_DRV_STATE_INIT_SKIPPED; + goto error; + } + network_driver =3D g_new0(virNetworkDriverState, 1); =20 network_driver->lockFD =3D -1; --=20 2.45.1
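
Review bot: In the new `if (!privileged)` block, the skip path leaves through `goto error` even though it sits before `network_driver = g_new0(virNetworkDriverState, 1);`, so nothing has been allocated yet and the label's cleanup has to cope with a NULL `network_driver`. The check directly above exits with a plain `return -1;`, and a direct `return VIR_DRV_STATE_INIT_SKIPPED;` here would match it, would not depend on how the `error` label treats `ret`, and would avoid routing a non-failure outcome through an error label. The comment could also say why skipping is chosen over failing (libvirtd carries on with the network driver disabled, virtnetworkd shuts down), since that reasoning currently lives only in the commit message.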