Bug 878959

Summary: firewall-config can't set permanent rule
Product: [Fedora] Fedora Reporter: Haïkel Guémar <karlthered>
Component: firewalldAssignee: Thomas Woerner <twoerner>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: awilliam, jpopelka, mattdm, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: RejectedNTH
Fixed In Version: firewalld-0.2.11-1.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-15 12:33:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Haïkel Guémar 2012-11-21 16:31:26 UTC 
Description of problem: 
Can't set permanent rule with firewall-config


Version-Release number of selected component (if applicable):
0.2.9

How reproducible:
Try to set a permanent action with firewall-config
firewall-cmd --permanent --zone=public --add-port=5555/tcp

  
Actual results:
The permanent rule is not set and it displays an error:
"Error: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: IO_Object_XMLGenerator instance has no attribute '_write'"

Expected results:
Permanent rule is set

Additional info:
According to twoerner on the #firewalld channel, it could be linked to PyXML (0.8.4-28 installed) which overloads standard library's xml module
Comment 1 Thomas Woerner 2012-11-21 16:41:01 UTC 
Fixed in GIT: http://git.fedorahosted.org/cgit/firewalld.git/commit/?id=1bbb7e0415b1f107ae2df186fba5877f131117a0
Comment 2 Thomas Woerner 2012-11-21 17:58:05 UTC 
This is an other PyXML vs. Python xml compability problem.
Comment 3 Haïkel Guémar 2012-11-21 18:25:14 UTC 
I confirm that the following patch does fix the issue when PyXML is installed. 
If you don't have PyXML installed, it should work fine (i also tried by removing PyXML and restarting firewalld daemon).

From my point of view, it could be safely pushed into F18 repositories.
Comment 4 Adam Williamson 2012-11-21 18:44:06 UTC 
Discussed at 2012-11-21 NTH review meeting. Agreed this is something that can be fixed with an update, no need to be in the shipped images, so rejected NTH.
Comment 5 Matthew Miller 2012-11-21 19:07:44 UTC 
See also https://bugzilla.redhat.com/show_bug.cgi?id=843176 -- we need to burn PyXML with fire.