[pve-devel] applied: [PATCH firewall] fix reading host.fw through IPCC interface

[Alexandre DERUMIER]

Thanks Thomas for working on this.

I'll test it this week.
----- Mail original -----
De: "Thomas Lamprecht" <t.lamprecht at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 19 Avril 2019 06:55:17
Objet: [pve-devel] applied: [PATCH firewall] fix reading host.fw through IPCC interface

IPCC has no knowledge about FUSE based links, but we used 
'local/host.fw' here, where local is always a link to 
'nodes/<LOCAL-NODENAME>/', this works only when using the common file 
system interface provided by FUSE, but not if we're talking directly 
with our memdb file store through IPCC.. 

So use a nodename based path here, to avoid getting just empty 
strings for host.fw. 

fixes commit 0dbef53046fade02efec143d3b7a0f4f9021b618 

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com> 
--- 
src/PVE/Firewall.pm | 2 +- 
1 file changed, 1 insertion(+), 1 deletion(-) 

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm 
index 2108567..1607b74 100644 
--- a/src/PVE/Firewall.pm 
+++ b/src/PVE/Firewall.pm 
@@ -23,7 +23,6 @@ use PVE::SafeSyslog; 
use PVE::Tools qw($IPV4RE $IPV6RE); 
use PVE::Tools qw(run_command lock_file dir_glob_foreach); 

-my $hostfw_conf_filename = "/etc/pve/local/host.fw"; 
my $pvefw_conf_dir = "/etc/pve/firewall"; 
my $clusterfw_conf_filename = "$pvefw_conf_dir/cluster.fw"; 

@@ -127,6 +126,7 @@ eval { 
}; 

my $nodename = PVE::INotify::nodename(); 
+my $hostfw_conf_filename = "/etc/pve/nodes/$nodename/host.fw"; 

my $pve_fw_lock_filename = "/var/lock/pvefw.lck"; 

-- 
2.20.1 


_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel