[pve-devel] [PATCH v2 pve-firewall 1/5] don't update if /etc/pve is not mounted

[Alexandre Derumier]

---
 src/PVE/Firewall.pm | 2 ++
 src/pvefw-logger.c  | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 39f79d4..94f1bd0 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -4186,6 +4186,8 @@ sub init {
 sub update {
     my $code = sub {
 
+        return if !PVE::Cluster::check_cfs_is_mounted(1);
+
 	my $cluster_conf = load_clusterfw_conf();
 	my $cluster_options = $cluster_conf->{options};
 
diff --git a/src/pvefw-logger.c b/src/pvefw-logger.c
index f77f56f..89c9635 100644
--- a/src/pvefw-logger.c
+++ b/src/pvefw-logger.c
@@ -944,7 +944,7 @@ nfct_cb(const struct nlmsghdr *nlh,
 
     queue_log_entry(le);
 
-    return NFCT_CB_STOP;
+    return NFCT_CB_CONTINUE;
 }
 
 static gboolean
@@ -956,7 +956,7 @@ nfct_read_cb(GIOChannel *source,
     if ((res = nfct_catch(nfcth)) < 0) {
         if (errno == ENOBUFS) {
             log_status_message(3, "nfct_catch returned ENOBUFS: conntrack information may be incomplete");
-        } else {
+        } else if (errno != EAGAIN) {
             log_status_message(3, "error catching nfct: %s", strerror(errno));
             return FALSE;
         }
@@ -1151,6 +1151,8 @@ main(int argc, char *argv[])
     if (conntrack) {
         nfct_callback_register2(nfcth, NFCT_T_NEW|NFCT_T_DESTROY, &nfct_cb, NULL);
         int nfctfd = nfct_fd(nfcth);
+        int status_flags = fcntl(nfctfd, F_GETFL);
+        fcntl(nfctfd, F_SETFL, status_flags | O_NONBLOCK);
         GIOChannel *nfct_ch = g_io_channel_unix_new(nfctfd);
         g_io_add_watch(nfct_ch, G_IO_IN, nfct_read_cb, NULL);
     }
-- 
2.11.0