| Summary: | firewall-cmd --get-active-zones returns nothing | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Pavel Šimerda (pavlix) <psimerda> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | awilliam, bruno, dominick.grift, dwalsh, jpopelka, mgrepl, robatino, twoerner |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | selinux-policy-3.10.0-93.fc17 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-03-21 21:58:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 752649 | ||
|
Description
Pavel Šimerda (pavlix)
2012-03-19 10:50:02 UTC
Does it change when you turn of SELinux (setenforce 0) and restart firewalld (systemctl restart firewalld.service) ? Could be the same SELinux problem that I see: Mar 19 11:50:56 localhost NetworkManager[343]: <warn> (eth1) firewall zone add/change failed: (9) An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.4" (uid=0 pid=343 comm="/usr/sbin/NetworkManager --no-daemon --log-level=D") interface="org.fedoraproject.FirewallD1.zone" member="addInterface" error name="(unset)" requested_reply="0" destination="org.fedoraproject.FirewallD1" (uid=0 pid=331 comm="/usr/bin/python /usr/sbin/firewalld --nofork --deb") We should probably put a warning to the https://fedoraproject.org/wiki/QA:Testcase_firewalld_and_NetworkManager I have two fully updated F-17 test machines.. on both there is no problem with the interaction of firewalld and NetworkManager. Is the system updated completely (all testing packages applied)? All right, updating to selinux-policy-3.10.0-95.fc17 (from updates-testing) fixes the problem for me. This should be mentioned on the 'Test case 3' page. From selinux-policy-3.10.0-93.fc17 changelog: - Allow firewalld to dbus chat with networkmanager Confirmed. Re-opening this, because -93 was never pushed stable. -95 was submitted as an update but never made it to stable. -104 is pending push to stable. Re-opening this and proposing as a blocker: this is (I believe) the correct bug to track that we need at least selinux-policy -93 in the Beta (we'll actually take 104) to make sure IPv6 works. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers Reassigning to selinux-policy. selinux-policy 104 went stable, so closing again. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers -1 blocker -1 NTH Unless there are follow on affects to this issue, I don't think this hits any criteria. bruno: it prevented IPv6 working out-of-the-box (one among several bugs of this kind). -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers |