Bug 661262

Summary: gawk, iptables and ebtables are not discovered if installed after libvirtd is started
Product: [Community] Virtualization Tools Reporter: Soren Hansen <soren>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED DEFERRED QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: crobinso, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-23 19:36:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Soren Hansen 2010-12-08 11:12:05 UTC 
Description of problem:

NWFilter code does not discover if required tools are installed after starting the daemon (nor if they are removed).

Version-Release number of selected component (if applicable):

0.8.3 at least.

How reproducible:

Every time.

Steps to Reproduce:
1. Uninstall (if already installed) ebtables.
2. Start libvirtd
3. Try to start a guest that uses nwfilters.
4. Watch it fail.
5. Install ebtables and repeat steps 3 and 4.
  
Actual results:

It fails to notice that I've now installed ebtables (and gawk and iptables).

Expected results:

It should notice that these tools are now available.

Additional info:

The converse is also true: If they tools are present when libvirtd starts, but are removed later, things will fail.
Comment 1 Cole Robinson 2016-04-21 21:08:29 UTC 
Patch sent upstream:

http://www.redhat.com/archives/libvir-list/2016-April/msg01538.html
Comment 2 Cole Robinson 2016-04-23 19:36:40 UTC 
I was wrong, that patch doesn't really change things here, I thought this report was about build time and not run time.

There still seems to be some issues here but I don't really see it as worth fixing: iptables/ebtables are so commonly available, and this will only hit cases where people are building by hand and not using distribution packages. So we could extend the code to handle it, but frankly I don't think it's worth the effort of implementing. That said if someone shows up on the list with a simple patch I'm sure it will be accepted