Bug 142655
| Summary: | fix scriptlets so they check for a mounted /proc | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sunny Dubey <sunny> |
| Component: | iptables | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | jbj |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Enhancement | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-03-18 16:26:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
%post only triggers a "/sbin/chkconfig --add iptables". Where exactly is the problem? Beats me,
this was jbj's idea and he requested I submit this bug.
Closing as NOT A BUG. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux; en_US) (KHTML, like Gecko) Description of problem: Fix the iptables scriptlet so that it checks for a mounted /proc before issuing any commands. (This is to prevent from a chroot()'ed install of iptables from issuing commands that might affect the host). IRC conversation with jbj@redhat as follows; <jbj> iptables shares global state in the kerenl in spite of chroot. the fix will be to change the scriptlet somehow <jbj> so scriptlet running in chroot changes the kernel table. <jbj> perhaps quick and dirty test for /proc mounted in scriptlet is easiest. <jbj> presuming that /proc is not mounted in chroot. <jbj> a real test for running in chroot will perhaps need changes to rpm. <jbj> RFE at bugzilla.redhat.com please so that I don't forget. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: rpm -ivh iptables* --root /path Actual Results: iptables will install ... and the scriptlets will be run (which may cause issues on the host, because they are really being run on the host). Additional info: