Bug 1720650

Summary:	testsuite should also use xtables-multi locking
Product:	Red Hat Enterprise Linux 7	Reporter:	Tomas Dolezal <todoleza>
Component:	firewalld	Assignee:	Eric Garver <egarver>
Status:	CLOSED ERRATA	QA Contact:	Tomas Dolezal <todoleza>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	7.7	CC:	egarver, jmaxwell, rkhan, sbrivio, todoleza
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	No Doc Update
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2020-03-31 20:00:54 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1723958

Description Tomas Dolezal 2019-06-14 12:57:56 UTC

Description of problem:
Occasionally, there is a race when executing testsuite in parallel '-j4' causing tests failure.

Version-Release number of selected component (if applicable):
firewalld-0.6.3-2.el7.noarch

How reproducible:
race condition, s390x, but also any other

Steps to Reproduce:
TESTSUITEFLAGS='-j4 62' make installcheck

Actual results:
62. icmp_block_in_forward_chain.at:1: testing ICMP block present FORWARD chain ...
./icmp_block_in_forward_chain.at:1: if ! cp /etc/firewalld/firewalld.conf ./firewalld.conf; then exit 77; fi
./icmp_block_in_forward_chain.at:1: sed -i 's/^CleanupOnExit.*/CleanupOnExit=no/' ./firewalld.conf
./icmp_block_in_forward_chain.at:1: ip netns add fwd-test-993
not running
2019-06-14 02:56:29 ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
2019-06-14 02:56:29 beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
2019-06-14 02:56:29 ICMP type 'failed-policy' is not supported by the kernel for ipv6.
2019-06-14 02:56:29 failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
2019-06-14 02:56:29 ICMP type 'reject-route' is not supported by the kernel for ipv6.
2019-06-14 02:56:29 reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
running
./icmp_block_in_forward_chain.at:3:     env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-15613" ip netns exec fwd-test-993 firewall-cmd -q --zone=public --add-icmp-block=host-prohibited 
./icmp_block_in_forward_chain.at:4:     env DBUS_SYSTEM_BUS_ADDRESS="unix:abstract=firewalld-testsuite-dbus-system-socket-15613" ip netns exec fwd-test-993 iptables -L IN_public_deny | grep "host-prohibited" 
--- /dev/null	2019-06-14 02:32:15.571227632 -0400
+++ /tmp/tmp.wNg2ZPBFMa/rpmbuild/BUILD/firewalld-0.6.3/src/tests/testsuite.dir/at-groups/62/stderr	2019-06-14 02:56:32.205214286 -0400
@@ -0,0 +1 @@
+Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
stdout:
./icmp_block_in_forward_chain.at:4: exit code was 1, expected 0
62. icmp_block_in_forward_chain.at:1: 62. ICMP block present FORWARD chain (icmp_block_in_forward_chain.at:1): FAILED (icmp_block_in_forward_chain.at:4)

Expected results:
all calls to xtables-multi (iptables-restore, etc..) should use locking feature. Firewalld does that, the testsuite does not in this and possibly other cases.

Additional info:
testscript regression/icmp_block_in_forward_chain.at:
      4 m4_if(iptables, FIREWALL_BACKEND, [
      5     NS_CHECK([iptables -L IN_public_deny | grep "host-prohibited"], 0, ignore)
      6     NS_CHECK([iptables -L FWDI_public_deny | grep "host-prohibited"], 0, ignore)

Comment 2 Eric Garver 2019-06-14 15:57:23 UTC

Fixed upstream:

  e527818500be ("fix: tests: always list rules using macros")

Comment 9 errata-xmlrpc 2020-03-31 20:00:54 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1109