Bug 902845

Summary: Can't set up default zone permanently
Product: [Fedora] Fedora Reporter: Balint Szigeti <balint.szgt>
Component: firewalldAssignee: Thomas Woerner <twoerner>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: medium    
Version: 18CC: jpopelka, twoerner
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-01 16:34:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Balint Szigeti 2013-01-22 14:18:34 UTC 
Description of problem:
The firewalld always forget the settings.

Version-Release number of selected component (if applicable):
Fedora 18
firewalld-0.2.12-1.fc18.noarch

How reproducible:
 

Steps to Reproduce:
1. Set up default zone from "public" to "home".
2. Restart the firwall service.
3.
  
Actual results:
The deamon after restart rewrites the /etc/firewalld/firewalld.conf's DefaultZone entry's value.

Expected results:
The deamon doesn't rewrite the conf file and the firewall-cmd can be able to set default zone permanently.

Additional info:
Comment 1 Jiri Popelka 2013-01-22 15:37:12 UTC 
Sorry, fixed upstream:
http://git.fedorahosted.org/cgit/firewalld.git/commit/?id=0a9017067bd04a1370faa461ceede31316f1caaa

Balint, can you test that this command (it's all one command, run it as root) fixes the problem ? Thanks.

sed -iorig 's/self._config.get(key.strip())/return self._config.get(key.strip())/' /usr/lib/python2.7/site-packages/firewall/core/io/firewalld_conf.py
Comment 2 Balint Szigeti 2013-01-22 17:06:37 UTC 
hey, it works. The firewall remember the default zone but after the restart I got a SElinux Alert:
Raw Audit Messages
type=AVC msg=audit(1358874229.315:2977): avc:  denied  { write } for  pid=15194 comm="firewalld" name="io" dev="sda1" ino=2752963 scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=dir


type=SYSCALL msg=audit(1358874229.315:2977): arch=x86_64 syscall=unlink success=no exit=EACCES a0=7fffe80e56d0 a1=32350 a2=50fec63b a3=309a7b9060 items=0 ppid=1 pid=15194 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=firewalld exe=/usr/bin/python2.7 subj=system_u:system_r:firewalld_t:s0 key=(null)

Hash: firewalld,firewalld_t,lib_t,dir,write
Comment 3 Fedora Update System 2013-01-22 19:19:41 UTC 
firewalld-0.2.12-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/firewalld-0.2.12-2.fc18
Comment 4 Fedora Update System 2013-01-23 16:15:36 UTC 
Package firewalld-0.2.12-2.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing firewalld-0.2.12-2.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-1342/firewalld-0.2.12-2.fc18
then log in and leave karma (feedback).
Comment 5 Fedora Update System 2013-02-01 16:34:26 UTC 
firewalld-0.2.12-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.