Bug 1029266
| Summary: | Error message is not clear for command nwfilter-define under non-root user. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | zhengqin <zsong> |
| Component: | libvirt | Assignee: | Ján Tomko <jtomko> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | dyuan, honzhang, jtomko, mzhan, rbalakri, tzheng, ydu, zhwang |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-1.2.7-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-03-05 07:25:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
zhengqin
2013-11-12 02:44:40 UTC
Upstream patch proposed: https://www.redhat.com/archives/libvir-list/2013-November/msg00368.html Fixed upstream by:
commit b7829f959b33c6e32422222a9ed745c0da7dc696
Author: Ján Tomko <jtomko>
AuthorDate: 2013-11-12 13:18:54 +0100
Commit: Ján Tomko <jtomko>
CommitDate: 2013-11-13 09:41:57 +0100
Disable nwfilter driver when running unprivileged
When opening a new connection to the driver, nwfilterOpen
only succeeds if the driverState has been allocated.
Move the privilege check in driver initialization before
the state allocation to disable the driver.
This changes the nwfilter-define error from:
error: cannot create config directory (null): Bad address
To:
this function is not supported by the connection driver:
virNWFilterDefineXML
https://bugzilla.redhat.com/show_bug.cgi?id=1029266
git describe: v1.1.4-79-gb7829f9
I can reproduce this issue with libvirt-1.1.1-11.el7.x86_64 follow the comment0's step $ virsh nwfilter-define disallow-arp.xml error: Failed to define network filter from disallow-arp.xml error: cannot create config directory (null): Bad address Verify with the libvirt-1.2.8-8.el7.x86_64, could get the expect result, so the bug has been fixed, the verify steps like following : 1.cat disallow-arp.xml <filter name='disallow-arp1' chain='arp'> <rule action='drop' direction='inout' priority='500'/> </filter> $ virsh nwfilter-define disallow-arp.xml error: Failed to define network filter from disallow-arp.xml error: this function is not supported by the connection driver: virNWFilterDefineXML 2.check the nwfilter with the non-root user $ virsh nwfilter-list error: Failed to count network filters error: this function is not supported by the connection driver: virConnectNumOfNWFilters 3.give the normal permission to connect the libvirt system instance $ virsh -c qemu:///system nwfilter-list UUID Name ------------------------------------------------------------------ 2380965c-3aef-40e6-9cbc-67c3965c3bd7 allow-arp 3457b66c-597d-4c81-be19-a01f631ef99b allow-dhcp 7086bb44-f181-4d9f-848e-e4e6ac02df41 allow-dhcp-server 92ffef96-0a2c-4342-acfc-8d21b8b0d430 allow-incoming-ipv4 473a3110-5220-4768-bbf4-5f80a29168b4 allow-ipv4 2dbd5ee5-b032-4575-bede-0a4caba01af1 clean-traffic 8075af04-d48d-4a55-a7f0-d18ccc18d48e no-arp-ip-spoofing 06b71196-4f69-4972-ba0c-f15d97d67791 no-arp-mac-spoofing 4151e04a-b861-4781-8174-a4162cdf10a9 no-arp-spoofing f010bcaf-8b0a-4368-b418-3c1711ed5342 no-ip-multicast fa00719a-9369-414f-80a9-0a84c820a4d3 no-ip-spoofing c8dfbf17-a884-46df-8139-361fc080f337 no-mac-broadcast 8bb6ec95-0784-4fa8-93d4-57db0c6108d6 no-mac-spoofing 703831ec-521d-4b5c-b50a-8ab2c4120671 no-other-l2-traffic 566580f1-dedb-4cc9-a237-f9b50deabf97 no-other-rarp-traffic 44b28a60-1073-4030-b349-0c6f5190cd92 qemu-announce-self 23f082a2-57c1-4de6-868d-4fcfc7b27282 qemu-announce-self-rarp fac813ac-bdfa-4f37-91af-261a74011002 vdsm-no-mac-spoofing 4.check the nwfitler's info with non-root user, get the expect error $ virsh nwfilter-dumpxml 2380965c-3aef-40e6-9cbc-67c3965c3bd7 error: failed to get nwfilter '2380965c-3aef-40e6-9cbc-67c3965c3bd7' error: this function is not supported by the connection driver: virNWFilterLookupByName $ virsh nwfilter-dumpxml vdsm-no-mac-spoofing error: failed to get nwfilter 'vdsm-no-mac-spoofing' error: this function is not supported by the connection driver: virNWFilterLookupByName 5.delete the nwfilter with non-root user, get the expect error $ virsh nwfilter-undefine qemu-announce-self-rarp error: failed to get nwfilter 'qemu-announce-self-rarp' error: this function is not supported by the connection driver: virNWFilterLookupByName 6.edit the nwfilter with the non-root user, get the expect error $ virsh nwfilter-edit qemu-announce-self error: failed to get nwfilter 'qemu-announce-self' error: this function is not supported by the connection driver: virNWFilterLookupByName Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0323.html |