Bug 443796

Summary: libvirt is not built with Fedora iptables/lokkit integration
Product: [Fedora] Fedora Reporter: Mark McLoughlin <markmc>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhideCC: berrange
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.4.2-2.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-28 09:24:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 235705    
Attachments:
Description Flags
libvirt-lokkit.patch none

Description Mark McLoughlin 2008-04-23 12:51:11 UTC 
Recent versions of libvirt have code to use lokkit --custom-rules to ensure that
libvirt's iptables rules are retained even if e.g. the user changes the firewall
config or restarts iptables.

However, we don't currently build libvirt with this support. The attached patch
should fix that.

Note: I've only tested this on Fedora 9, but AFAIK it should work on Fedora 8 too.
Comment 1 Mark McLoughlin 2008-04-23 12:51:11 UTC 
Created attachment 303488 [details]
libvirt-lokkit.patch
Comment 2 Daniel Veillard 2008-04-23 13:47:00 UTC 
Hum, that's not in the upstream spec file, that's the first thing to do,
otherwise looks fine to me, obviously,

Daniel
Comment 3 Mark McLoughlin 2008-04-28 09:24:07 UTC 
Okay, built libvirt-0.4.2-2.fc9 and libvirt-0.4.2-2.fc10

Not sending the patch upstream, since the upstream spec file seems to not be
including fedora specific stuff and this is fedora specific

Not requesting the build be tagged in dist-f9 because it should be fine to just
have as an update

* Mon Apr 28 2008 Mark McLoughlin <markmc> - 0.4.2-2.fc9
- Enable lokkit support (#443796)