When building libvirt with a -firewalld flag, ebtables is not pulled in as a dependency, which causes an error when firing up the daemon.

Reproducible: Always

Steps to Reproduce:
1. emerge -c ebtables
2. USE="-firewalld" emerge -a libvirt
3. systemctl start libvirtd
4. systemctl status libvirtd

Actual Results:
The logs give a "direct firewall backend requested, but /sbin/ebtables is not available: No such file or directory" error

Expected Results:
No error
Created attachment 405632: Error log information
Created attachment 405634: libvirt build information
This also applies to iptables that must nowadays be present. I've updated the dependencies in 1.2.17-r1 and 9999 and will stabilize version 1.2.17-r1 soon.

*libvirt-1.2.17-r1 (25 Jul 2015)

  25 Jul 2015; Matthias Maier <tamiko@gentoo.org> +libvirt-1.2.17-r1.ebuild,
  -libvirt-1.2.16-r2.ebuild, -libvirt-1.2.17.ebuild, libvirt-9999.ebuild,
  metadata.xml:
  drop old; use readme.gentoo for all elog messages; fix dependencies wrt
  ebtables and iptables, bug #553120; add apparmor use flag, bug #554628
Is the >=net-firewall/iptables-1.4.10[ipv6] hard dependency really necessary? In my kernel, I have neither netfilter nor ipv6 enabled, so why do I need to install this package?
(In reply to Matthias Maier from comment #3)
> This also applies to iptables that must nowadays be present. I've updated
> the dependencies in 1.2.17-r1 and 9999 and will stabilize version 1.2.17-r1
> soon.
>
> *libvirt-1.2.17-r1 (25 Jul 2015)
>
> 25 Jul 2015; Matthias Maier <tamiko@gentoo.org> +libvirt-1.2.17-r1.ebuild,
> -libvirt-1.2.16-r2.ebuild, -libvirt-1.2.17.ebuild, libvirt-9999.ebuild,
> metadata.xml:
> drop old; use readme.gentoo for all elog messages; fix dependencies wrt
> ebtables and iptables, bug #553120; add apparmor use flag, bug #554628

I believe these changes wrt ebtables and iptables are incorrect. They still belong under USE=virt-network. USE=virt-network is for when the user wants any of the "virsh help network" functionality. The error message in question can only be triggered when someone has set up a network configuration. If you're using plain passthru networking it's still unnecessary. While we don't have ben.c.schubert@gmail.com's configs, I'd be willing to bet that if he gave us the output of "virsh net-list" we would see networks defined that his system depends on.
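A preflight check for the situation described in the comment above, as an added example (not part of the original thread or of the libvirt ebuild): it reports missing firewall helpers only when libvirt networks are defined. The function name `check_virt_network_deps`, its arguments and the `/usr/sbin` fallback are assumptions; `/sbin/ebtables` is the path from the reported error.

```shell
#!/bin/sh
# Added example: warn when libvirt networks are defined but the firewall
# helpers they rely on (ebtables, iptables) are not installed.

# check_virt_network_deps NETWORKS [BINDIRS]
#   NETWORKS: newline-separated network names, e.g. the output of
#             `virsh net-list --all --name`
#   BINDIRS:  colon-separated directories searched for the helpers
#             (assumed default: /sbin:/usr/sbin)
# Prints one "missing: <tool>" line per absent helper.
# Returns 0 if no helper is needed or all are present, 1 otherwise.
check_virt_network_deps() {
    networks=$1
    bindirs=${2:-/sbin:/usr/sbin}

    # Drop blank lines; virsh prints a trailing empty line.
    names=$(printf '%s\n' "$networks" | sed '/^[[:space:]]*$/d')
    if [ -z "$names" ]; then
        # No networks defined: per the comment above, the helpers are unused.
        return 0
    fi

    status=0
    for tool in ebtables iptables; do
        found=no
        old_ifs=$IFS
        IFS=:
        for dir in $bindirs; do
            if [ -x "$dir/$tool" ]; then
                found=yes
                break
            fi
        done
        IFS=$old_ifs
        if [ "$found" = no ]; then
            echo "missing: $tool"
            status=1
        fi
    done
    return $status
}

# Typical use on a host (requires virsh):
#   check_virt_network_deps "$(virsh net-list --all --name)"
```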
(In reply to Doug Goldstein from comment #5)
>
> I believe these changes wrt ebtables and iptables are incorrect.

I had tested for this dependency with the default USE flag set in a plain stage-3. At least I thought it was a pristine stage-3. I must have accidentally hit an lxc container that already had a network configuration around... Long story short, yes - this was incorrect.

I suggest we put the dependencies back in place for 1.2.19. We can also do so for 1.2.17-r5, but I suggest not doing so for 1.2.18-r1 as it is already stabilized.
I have updated 1.2.19-r1 and 9999.

commit 904b4b9479e6741d598bacf0caaf301e31e78cb8
Author: Matthias Maier <tamiko@gentoo.org>
Date:   Sat Oct 3 13:12:09 2015 -0500

    app-emulation/libvirt: Fix dependencies in 1.2.19-r1, bug 553120

    The hard dependencies on iptables and ebtables are wrong, put them back
    into the virt-network? ( ) clause.

    Gentoo-Bug: 553120

    Package-Manager: portage-2.2.22
I can't reproduce this issue anymore. I made some changes to my system, and once I reinstalled to try to reproduce it, I could not. All I can recall is that I did not have the virsh command installed.