From 6f37cb80df44d06c9f11d2ad4a8c9e93c9806e2e Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 7 Apr 2017 15:11:14 +0100 Subject: [PATCH] Prevent test failures with ebtables/iptables/ip6tables are missing When running tests in a restricted container (as opposed to a full OS install), we can't assume ebtables/iptbles/ip6tables are going to be installed. We must check this and mark the tests as skipped. Signed-off-by: Daniel P. Berrange --- tests/networkxml2firewalltest.c | 13 +++++++++++++ tests/nwfilterebiptablestest.c | 13 +++++++++++++ tests/nwfilterxml2firewalltest.c | 12 ++++++++++++ tests/virfirewalltest.c | 13 +++++++++++++ 4 files changed, 51 insertions(+) diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c index 58a9516686..fed0e66391 100644 --- a/tests/networkxml2firewalltest.c +++ b/tests/networkxml2firewalltest.c @@ -108,6 +108,14 @@ testCompareXMLToIPTablesHelper(const void *data) return result; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) @@ -131,6 +139,11 @@ mymain(void) virFirewallSetLockOverride(true); if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } + ret = -1; goto cleanup; } diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c index 4357133783..6073423304 100644 --- a/tests/nwfilterebiptablestest.c +++ b/tests/nwfilterebiptablestest.c @@ -517,6 +517,14 @@ testNWFilterEBIPTablesApplyDropAllRules(const void *opaque ATTRIBUTE_UNUSED) return ret; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) @@ -526,6 +534,11 @@ mymain(void) virFirewallSetLockOverride(true); if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } + ret = -1; goto cleanup; } diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c index 95ab46e22e..3d6e792b70 100644 --- a/tests/nwfilterxml2firewalltest.c +++ b/tests/nwfilterxml2firewalltest.c @@ -445,6 +445,14 @@ testCompareXMLToIPTablesHelper(const void *data) return result; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) @@ -468,6 +476,10 @@ mymain(void) virFirewallSetLockOverride(true); if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) { + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } ret = -1; goto cleanup; } diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 0f703a6bdc..ac99b82437 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -1123,11 +1123,24 @@ testFirewallQuery(const void *opaque ATTRIBUTE_UNUSED) return ret; } +static bool +hasNetfilterTools(void) +{ + return virFileIsExecutable(IPTABLES_PATH) && + virFileIsExecutable(IP6TABLES_PATH) && + virFileIsExecutable(EBTABLES_PATH); +} + static int mymain(void) { int ret = 0; + if (!hasNetfilterTools()) { + fprintf(stderr, "iptables/ip6tables/ebtables tools not present"); + return EXIT_AM_SKIP; + } + # define RUN_TEST_DIRECT(name, method) \ do { \ struct testFirewallData data; \ -- GitLab