From 22a1dd9591c4bc877a1dc4c9f61286a4f4b0527a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Tue, 12 Nov 2013 13:18:54 +0100
Subject: [PATCH] Disable nwfilter driver when running unprivileged

When opening a new connection to the driver, nwfilterOpen
only succeeds if the driverState has been allocated.

Move the privilege check in driver initialization before
the state allocation to disable the driver.

This changes the nwfilter-define error from:
error: cannot create config directory (null): Bad address
To:
this function is not supported by the connection driver:
virNWFilterDefineXML

https://bugzilla.redhat.com/show_bug.cgi?id=1029266
(cherry picked from commit b7829f959b33c6e32422222a9ed745c0da7dc696)
---
 src/nwfilter/nwfilter_driver.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index d25c6f2be0..0a4d605468 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -174,6 +174,9 @@ nwfilterStateInitialize(bool privileged,
     char *base = NULL;
     DBusConnection *sysbus = NULL;
 
+    if (!privileged)
+        return 0;
+
 #if WITH_DBUS
     if (virDBusHasSystemBus())
         sysbus = virDBusGetSystemBus();
@@ -189,9 +192,6 @@ nwfilterStateInitialize(bool privileged,
     driverState->watchingFirewallD = (sysbus != NULL);
     driverState->privileged = privileged;
 
-    if (!privileged)
-        return 0;
-
     nwfilterDriverLock(driverState);
 
     if (virNWFilterIPAddrMapInit() < 0)
-- 
GitLab