[pve-devel] [PATCH common] Use run_command instead of system

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon May 2 15:03:03 CEST 2016


and explicitly note that those calls are allowed to fail and
are wrapped in eval {} on purpose.
---
this makes the whole thing more consistent and fixes a strange,
spurious issue relating to system and perl's tainted mode.

 src/PVE/Network.pm | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/PVE/Network.pm b/src/PVE/Network.pm
index bda2067..be26132 100644
--- a/src/PVE/Network.pm
+++ b/src/PVE/Network.pm
@@ -76,10 +76,11 @@ our $ipv4_mask_hash_localnet = {
 sub setup_tc_rate_limit {
     my ($iface, $rate, $burst, $debug) = @_;
 
-    system("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1");
-    system("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1");
-    system("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1");
-    system("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1");
+    # these are allowed / expected to fail, e.g. when there is no previous rate limit to remove
+    eval { run_command("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1"); };
+    eval { run_command("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1"); };
+    eval { run_command("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1"); };
+    eval { run_command("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1"); };
 
     return if !$rate;
 
-- 
2.1.4





More information about the pve-devel mailing list