* [PATCH] libvirt: set firewall backend priority
@ 2025-11-26 7:29 kai.kang
2025-12-02 4:44 ` Bruce Ashfield
0 siblings, 1 reply; 2+ messages in thread
From: kai.kang @ 2025-11-26 7:29 UTC (permalink / raw)
To: bruce.ashfield; +Cc: meta-virtualization
From: Kai Kang <kai.kang@windriver.com>
If firewall_backend isn't configured in the config file, libvirt will
choose the first available backend from the following list by default:
[nftables, iptables]
so when nftables is installed in image, firewall backend nftables rather
than iptables is adopted.
Add a PACKAGECONFIG to set the firewall backend priority. And update
runtime dependencies for backend nftables.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
recipes-extended/libvirt/libvirt_git.bb | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
index 681ceade..e9359e1e 100644
--- a/recipes-extended/libvirt/libvirt_git.bb
+++ b/recipes-extended/libvirt/libvirt_git.bb
@@ -15,7 +15,9 @@ DEPENDS = "bridge-utils gnutls libxml2 lvm2 avahi parted curl libpcap util-linux
#
RDEPENDS:${PN} = "gettext-runtime"
-RDEPENDS:libvirt-libvirtd += "bridge-utils iptables pm-utils dnsmasq netcat-openbsd ebtables"
+RDEPENDS:libvirt-libvirtd += "bridge-utils pm-utils dnsmasq netcat-openbsd ebtables \
+ ${@bb.utils.contains('PACKAGECONFIG', 'nftables', 'nftables iproute2-tc', 'iptables', d)} \
+ "
RDEPENDS:libvirt-libvirtd:append:x86-64 = " dmidecode"
RDEPENDS:libvirt-libvirtd:append:x86 = " dmidecode"
RDEPENDS:libvirt-libvirtd:append:arm = " dmidecode"
@@ -175,6 +177,7 @@ PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=enabled, -Dapparmor_prof
PACKAGECONFIG[firewalld] = "-Dfirewalld=enabled, -Dfirewalld=disabled,"
PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
+PACKAGECONFIG[nftables] = ""
# Enable the Python tool support
require libvirt-python.inc
@@ -313,6 +316,7 @@ do_install:append() {
EXTRA_OEMESON += " \
-Dinit_script=${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','none', d)} \
+ -Dfirewall_backend_priority=${@bb.utils.contains('PACKAGECONFIG','nftables','nftables,iptables','iptables,nftables', d)} \
-Drunstatedir=/run \
-Dtests=enabled \
"
--
2.34.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] libvirt: set firewall backend priority
2025-11-26 7:29 [PATCH] libvirt: set firewall backend priority kai.kang
@ 2025-12-02 4:44 ` Bruce Ashfield
0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2025-12-02 4:44 UTC (permalink / raw)
To: kai.kang; +Cc: meta-virtualization
staged to master-next.
Bruce
In message: [PATCH] libvirt: set firewall backend priority
on 26/11/2025 kai.kang@windriver.com wrote:
> From: Kai Kang <kai.kang@windriver.com>
>
> If firewall_backend isn't configured in the config file, libvirt will
> choose the first available backend from the following list by default:
>
> [nftables, iptables]
>
> so when nftables is installed in image, firewall backend nftables rather
> than iptables is adopted.
>
> Add a PACKAGECONFIG to set the firewall backend priority. And update
> runtime dependencies for backend nftables.
>
> Signed-off-by: Kai Kang <kai.kang@windriver.com>
> ---
> recipes-extended/libvirt/libvirt_git.bb | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
> index 681ceade..e9359e1e 100644
> --- a/recipes-extended/libvirt/libvirt_git.bb
> +++ b/recipes-extended/libvirt/libvirt_git.bb
> @@ -15,7 +15,9 @@ DEPENDS = "bridge-utils gnutls libxml2 lvm2 avahi parted curl libpcap util-linux
> #
> RDEPENDS:${PN} = "gettext-runtime"
>
> -RDEPENDS:libvirt-libvirtd += "bridge-utils iptables pm-utils dnsmasq netcat-openbsd ebtables"
> +RDEPENDS:libvirt-libvirtd += "bridge-utils pm-utils dnsmasq netcat-openbsd ebtables \
> + ${@bb.utils.contains('PACKAGECONFIG', 'nftables', 'nftables iproute2-tc', 'iptables', d)} \
> + "
> RDEPENDS:libvirt-libvirtd:append:x86-64 = " dmidecode"
> RDEPENDS:libvirt-libvirtd:append:x86 = " dmidecode"
> RDEPENDS:libvirt-libvirtd:append:arm = " dmidecode"
> @@ -175,6 +177,7 @@ PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=enabled, -Dapparmor_prof
> PACKAGECONFIG[firewalld] = "-Dfirewalld=enabled, -Dfirewalld=disabled,"
> PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
> PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
> +PACKAGECONFIG[nftables] = ""
>
> # Enable the Python tool support
> require libvirt-python.inc
> @@ -313,6 +316,7 @@ do_install:append() {
>
> EXTRA_OEMESON += " \
> -Dinit_script=${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','none', d)} \
> + -Dfirewall_backend_priority=${@bb.utils.contains('PACKAGECONFIG','nftables','nftables,iptables','iptables,nftables', d)} \
> -Drunstatedir=/run \
> -Dtests=enabled \
> "
> --
> 2.34.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-12-02 4:44 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-11-26 7:29 [PATCH] libvirt: set firewall backend priority kai.kang
2025-12-02 4:44 ` Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.