mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-03-21 10:50:24 +03:00
35eb484f8c
When libvirt added support for firewalld, all iptables/ebtables rules were added via the firewalld "passthrough" API when firewalld was enabled (the "firewalld backend"), or run directly by libvirt when firewalld was disabled (the so-called "direct backend"). virfirewalltest.c dutifully ran each test twice, once with the each backend enabled. But commit b19863640d changed the code to *always* directly run iptables/ebtables commands, and never use the firewalld passthrough API, effectively making the direct and firewalld backends identical, except that when libvirt receives notice that firewalld has restarted or reloaded its rules, the firewalld backend sends an extra "iptables -V" command via firewalld's passthrough API (and waits for a response) prior to running all the rest of the iptables commands directly; this assures that a newly-restarted firewalld has finished its work on the filter tables before libvirt starts messing with it. (Because this code is only executed in response to an event from dbus, it isn't tested in the unit tests). In spite of this, we still go through all the virfirewall tests twice though - once for the direct backend, and once for the firewalld backend, even though these take the same codepath. In commit b19863640d I had left this double-testing in thinking that someday we might go back to actually doing something useful with the firewalld backend in the course of adding support for native nftables, but I've now realized that for the case of nftables we will be *even more* divorced from firewalld, so there is really no point in keeping this code around any longer. (It's likely/probable that the tests will be done twice again in the future, but it will be enough different that it is better to remove this code and re-implement from scratch when adding the nftables backend, rather than trying to directly modify the existing code and end up with something even more confusing). This patch eliminates all the test duplication in virfirewalltest.c, including mocking dbus, which is unnecessary since none of the tests use dbus (for now we ensure that by explicitly setting the virfirewall backend to DIRECT before any of the tests have run. Eventually the concept of a "firewalld backend" will disappear completely, but that's for another patch.) Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
.. image:: https://gitlab.com/libvirt/libvirt/badges/master/pipeline.svg
:target: https://gitlab.com/libvirt/libvirt/pipelines
:alt: GitLab CI Build Status
.. image:: https://bestpractices.coreinfrastructure.org/projects/355/badge
:target: https://bestpractices.coreinfrastructure.org/projects/355
:alt: CII Best Practices
.. image:: https://translate.fedoraproject.org/widgets/libvirt/-/libvirt/svg-badge.svg
:target: https://translate.fedoraproject.org/engage/libvirt/
:alt: Translation status
==============================
Libvirt API for virtualization
==============================
Libvirt provides a portable, long term stable C API for managing the
virtualization technologies provided by many operating systems. It
includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
Hypervisor.
For some of these hypervisors, it provides a stateful management
daemon which runs on the virtualization host allowing access to the
API both by non-privileged local users and remote users.
Layered packages provide bindings of the libvirt C API into other
languages including Python, Perl, PHP, Go, Java, OCaml, as well as
mappings into object systems such as GObject, CIM and SNMP.
Further information about the libvirt project can be found on the
website:
https://libvirt.org
License
=======
The libvirt C API is distributed under the terms of GNU Lesser General
Public License, version 2.1 (or later). Some parts of the code that are
not part of the C library may have the more restrictive GNU General
Public License, version 2.0 (or later). See the files ``COPYING.LESSER``
and ``COPYING`` for full license terms & conditions.
Installation
============
Instructions on building and installing libvirt can be found on the website:
https://libvirt.org/compiling.html
Contributing
============
The libvirt project welcomes contributions in many ways. For most components
the best way to contribute is to send patches to the primary development
mailing list. Further guidance on this can be found on the website:
https://libvirt.org/contribute.html
Contact
=======
The libvirt project has two primary mailing lists:
* libvirt-users@redhat.com (**for user discussions**)
* libvir-list@redhat.com (**for development only**)
Further details on contacting the project are available on the website:
https://libvirt.org/contact.html