From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: kai.kang@windriver.com
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [PATCH] libvirt: set firewall backend priority
Date: Mon, 1 Dec 2025 23:44:36 -0500 [thread overview]
Message-ID: <aS5utFRSiZDsSaFq@gmail.com> (raw)
In-Reply-To: <20251126072914.2711374-1-kai.kang@windriver.com>
staged to master-next.
Bruce
In message: [PATCH] libvirt: set firewall backend priority
on 26/11/2025 kai.kang@windriver.com wrote:
> From: Kai Kang <kai.kang@windriver.com>
>
> If firewall_backend isn't configured in the config file, libvirt will
> choose the first available backend from the following list by default:
>
> [nftables, iptables]
>
> so when nftables is installed in image, firewall backend nftables rather
> than iptables is adopted.
>
> Add a PACKAGECONFIG to set the firewall backend priority. And update
> runtime dependencies for backend nftables.
>
> Signed-off-by: Kai Kang <kai.kang@windriver.com>
> ---
> recipes-extended/libvirt/libvirt_git.bb | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
> index 681ceade..e9359e1e 100644
> --- a/recipes-extended/libvirt/libvirt_git.bb
> +++ b/recipes-extended/libvirt/libvirt_git.bb
> @@ -15,7 +15,9 @@ DEPENDS = "bridge-utils gnutls libxml2 lvm2 avahi parted curl libpcap util-linux
> #
> RDEPENDS:${PN} = "gettext-runtime"
>
> -RDEPENDS:libvirt-libvirtd += "bridge-utils iptables pm-utils dnsmasq netcat-openbsd ebtables"
> +RDEPENDS:libvirt-libvirtd += "bridge-utils pm-utils dnsmasq netcat-openbsd ebtables \
> + ${@bb.utils.contains('PACKAGECONFIG', 'nftables', 'nftables iproute2-tc', 'iptables', d)} \
> + "
> RDEPENDS:libvirt-libvirtd:append:x86-64 = " dmidecode"
> RDEPENDS:libvirt-libvirtd:append:x86 = " dmidecode"
> RDEPENDS:libvirt-libvirtd:append:arm = " dmidecode"
> @@ -175,6 +177,7 @@ PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=enabled, -Dapparmor_prof
> PACKAGECONFIG[firewalld] = "-Dfirewalld=enabled, -Dfirewalld=disabled,"
> PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
> PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
> +PACKAGECONFIG[nftables] = ""
>
> # Enable the Python tool support
> require libvirt-python.inc
> @@ -313,6 +316,7 @@ do_install:append() {
>
> EXTRA_OEMESON += " \
> -Dinit_script=${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','none', d)} \
> + -Dfirewall_backend_priority=${@bb.utils.contains('PACKAGECONFIG','nftables','nftables,iptables','iptables,nftables', d)} \
> -Drunstatedir=/run \
> -Dtests=enabled \
> "
> --
> 2.34.1
>
prev parent reply other threads:[~2025-12-02 4:44 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-26 7:29 [PATCH] libvirt: set firewall backend priority kai.kang
2025-12-02 4:44 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aS5utFRSiZDsSaFq@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=kai.kang@windriver.com \
--cc=meta-virtualization@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox