The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7471


=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
From 2f468ffc6d136329e762f44b5f6753b28dd4f39c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Fri, 29 May 2020 15:29:05 -0400
Subject: [PATCH] lxd/firewall/nft: Enhance support detection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/firewall/drivers/drivers_nftables.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lxd/firewall/drivers/drivers_nftables.go 
b/lxd/firewall/drivers/drivers_nftables.go
index 5b99d3b292..80ce581a07 100644
--- a/lxd/firewall/drivers/drivers_nftables.go
+++ b/lxd/firewall/drivers/drivers_nftables.go
@@ -10,6 +10,7 @@ import (
        "strings"
        "text/template"
 
+       "github.com/pborman/uuid"
        "github.com/pkg/errors"
 
        deviceConfig "github.com/lxc/lxd/lxd/device/config"
@@ -75,6 +76,19 @@ func (d Nftables) Compat() (bool, error) {
                return false, fmt.Errorf("nft version %q is too low, need %q or 
above", nftVersion, nftablesMinVersion)
        }
 
+       // Check that nftables works at all (some kernels let you list ruleset 
despite missing support).
+       testTable := fmt.Sprintf("lxd_test_%s", uuid.New())
+
+       _, err = shared.RunCommandCLocale("nft", "create", "table", testTable)
+       if err != nil {
+               return false, errors.Wrapf(err, "Failed to create a dummy 
table")
+       }
+
+       _, err = shared.RunCommandCLocale("nft", "delete", "table", testTable)
+       if err != nil {
+               return false, errors.Wrapf(err, "Failed to delete a dummy 
table")
+       }
+
        // Check whether in use by parsing ruleset and looking for existing 
rules.
        ruleset, err := d.nftParseRuleset()
        if err != nil {
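Review bot: The probe added to Compat() writes to the host's nftables state, and nothing cleans up if the process is interrupted between the `nft create table` and `nft delete table` calls or if the delete itself fails. Because every run generates a fresh UUID, a leftover `lxd_test_<uuid>` table is never reused or removed by a later run, so strays can accumulate in the ruleset. A comment should record that side effect, for example `// Probe creates and deletes a throwaway table; a failed delete leaves lxd_test_<uuid> behind.`, and the failure of the delete would be worth logging with the table name so an operator can remove it. As a style point, both `errors.Wrapf` calls take no format arguments and could be `errors.Wrap(err, "Failed to create a dummy table")`. Compat's body starts before and continues after this hunk, so how callers treat the returned error is not visible here.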