Bug 980390
Summary: | If I install openswan package, after collecting sosreport, iptables will be started even though iptables is stopped and chkconfig off before collecting the sosreport. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Chen <cchen> |
Component: | openswan | Assignee: | Paul Wouters <pwouters> |
Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.4 | CC: | agk, bmr, eparis, gavin, iptables-maint-list |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-07-23 19:34:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chen
2013-07-02 08:53:16 UTC
Per my investigation, first we have # cat /usr/lib/python2.6/site-packages/sos/plugins/openswan.py self.collectExtOutput("/usr/sbin/ipsec barf") Then, in /usr/libexec/ipsec/barf we have # cat /usr/libexec/ipsec/barf if test -r /sbin/iptables-save then iptables-save _________________________ iptables-nat iptables-save -t nat _________________________ iptables-mangle iptables-save -t mangle After iptables-save -t nat, the iptables is started. I think we should do something to stop iptables from being started after collecting sosreport. Best regards, Chen This is a bug in ipsec's barf command. It should not modify system state. Please report a bug against the openswan pacakge (or move this bug to that component). We are already intending to disable ipsec barf collection in sos due to bug 924925 (openswan bug 771612). Marking this bug as a duplicate. This has been fixed for 6.5 *** This bug has been marked as a duplicate of bug 954249 *** |