Bug 1259864 - firewall rules in kickstart script are overwritten due to lokkit -f call in /usr/lib/python2.6/site-packages/imgcreate/kickstart.py
firewall rules in kickstart script are overwritten due to lokkit -f call in /...
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: livecd-tools (Show other bugs)
el6
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Brian Lane
Fedora Extras Quality Assurance
:
: 1259862 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-03 12:41 EDT by Richard Clark
Modified: 2016-02-04 17:55 EST (History)
4 users (show)

See Also:
Fixed In Version: livecd-tools-13.4.9 livecd-tools-13.4.9-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-02-04 17:55:51 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch lokkit call to not overwrite (483 bytes, patch)
2015-09-03 12:41 EDT, Richard Clark
no flags Details | Diff

  None (edit)
Description Richard Clark 2015-09-03 12:41:40 EDT
Created attachment 1069991 [details]
patch lokkit call to not overwrite

Description of problem: When creating an image using a kickstart script, using the standard notation (e.g: firewall --enabled --service ssh), the iptables config file (/etc/sysconfig/iptables) in the resulting image does not contain the ssh rule. It appears that this is overwritten by lokkit, and our "correct" configuration file gets written to /etc/sysconfig/iptables.old

There appear to be several fedora-related bugs, such as https://bugzilla.redhat.com/show_bug.cgi?id=769457

Version-Release number of selected component (if applicable): python-imgcreate-13.4.8-1

There is an older patch in the EL6 spec added in 2012 that removes the "-f" switch from lokkit being called in context of updating the firewall - only thing I can think of is that for some reason newer versions imgcreate is now running lokkit for selinux  _after_ the firewall has been configured, so overwriting firewall config.

Attached patch is basically the same as the older one, but removes the "-f" switch from lokkit in context of updating selinux config.
Comment 1 Brian Lane 2015-09-08 13:04:11 EDT
*** Bug 1259862 has been marked as a duplicate of this bug. ***
Comment 2 Brian Lane 2015-09-08 13:10:41 EDT
Looks like this needs commit d00a4d83188fbc911bd55954a2011c91b650128f
Comment 3 Fedora Update System 2015-11-10 20:31:25 EST
livecd-tools-13.4.9-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-b5ec93dc2b
Comment 4 Fedora Update System 2015-11-11 14:17:20 EST
livecd-tools-13.4.9-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'yum --enablerepo=epel-testing update livecd-tools'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-b5ec93dc2b
Comment 5 Fedora Update System 2016-02-04 17:55:48 EST
livecd-tools-13.4.9-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.