Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1530598

Summary: system-config-printer doesn't react to ALREADY_ENABLED firewall exception
Product: Red Hat Enterprise Linux 7 Reporter: Petr Sklenar <psklenar>
Component: system-config-printerAssignee: Zdenek Dohnal <zdohnal>
Status: CLOSED ERRATA QA Contact: Petr Sklenar <psklenar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.5CC: egarver, lmiksik, psklenar, thozza, todoleza, zdohnal
Target Milestone: rcKeywords: Patch, Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: system-config-printer-1.4.1-21.el7 Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 18:26:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
abrt; tar -zcvf bz1530598.tar.gz /var/spool/abrt/Python-2018-01-03-12:59:27-3545
none
Upstream patch none

Description Petr Sklenar 2018-01-03 13:06:32 UTC 
Description of problem:
system-config-printer cannot adjust firewall


Version-Release number of selected component (if applicable):
system-config-printer-1.4.1-20.el7
firewalld-0.4.4.4-14.el7.noarch
python-firewall-0.4.4.4-14.el7.noarch

How reproducible:
always

Steps to Reproduce:
1. system-config-printer
2. click +, add printer
3. there is dialog "adjust printer"
4. click "adjust"


Actual results:
termninal :
Traceback (most recent call last):
  File "/usr/share/system-config-printer/newprinter.py", line 1982, in adjust_firewall_response
    self.firewall.add_service (firewallsettings.IPP_SERVER_SERVICE)
  File "/usr/share/system-config-printer/firewallsettings.py", line 121, in add_service
    self._fw_data.addService (service)
  File "<string>", line 2, in addService
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 53, in handle_exceptions
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 139, in addService
    raise FirewallError(errors.ALREADY_ENABLED, service)
firewall.errors.FirewallError: ALREADY_ENABLED: ipp



-----------------
 abrt-cli list --since 1514980649
id c200884090ff7f0eae558e058d3bcacc24022fc1
reason:         client.py:139:addService:FirewallError: ALREADY_ENABLED: ipp
time:           Wed 03 Jan 2018 12:59:27 PM CET
cmdline:        /usr/bin/python /usr/share/system-config-printer/system-config-printer.py
package:        system-config-printer-1.4.1-20.el7
uid:            0 (root)
count:          5
Directory:      /var/spool/abrt/Python-2018-01-03-12:59:27-3545
Run 'abrt-cli report /var/spool/abrt/Python-2018-01-03-12:59:27-3545' for creating a case in Red Hat Customer Portal

The Autoreporting feature is disabled. Please consider enabling it by issuing
'abrt-auto-reporting enabled' as a user with root privileges

------------
/var/spool/mail/root

From user  Wed Jan  3 14:00:57 2018
Return-Path: <user>
X-Original-To: root@localhost
Delivered-To: root
Received: by localhost.localdomain (Postfix, from userid 0)
	id A1C93B634; Wed,  3 Jan 2018 14:00:57 +0100 (CET)
Date: Wed, 03 Jan 2018 14:00:57 +0100
From: user
To: root
Subject: [abrt] system-config-printer:
 client.py:139:addService:FirewallError: ALREADY_ENABLED: ipp
Message-ID: <5a4cd409.UnBXY0STsNGk3HDs%user@localhost>
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

reason:         client.py:139:addService:FirewallError: ALREADY_ENABLED=
: ipp
cmdline:        /usr/bin/python /usr/share/system-config-printer/system=
-config-printer.py
executable:     /usr/share/system-config-printer/system-config-printer.=
py
package:        system-config-printer-1.4.1-20.el7
component:      system-config-printer
pid:            3545
hostname:       localhost.localdomain
count:          5
abrt_version:   2.1.11
analyzer:       Python
architecture:   x86_64
duphash:        87bb2284f414279ccddcdbe6c58cbb45dae1d9cf
event_log:     =20
kernel:         3.10.0-826.el7.x86_64
last_occurrence: 1514984457
os_release:     Red Hat Enterprise Linux Workstation release 7.5 Beta (=
Maipo)
pkg_arch:       x86_64
pkg_epoch:      0
pkg_fingerprint: 199E 2F91 FD43 1D51
pkg_name:       system-config-printer
pkg_release:    20.el7
pkg_vendor:     Red Hat, Inc.
pkg_version:    1.4.1
runlevel:       N 5
time:           Wed 03 Jan 2018 12:59:27 PM CET
type:           Python
uid:            0
username:       root
uuid:           87bb2284f414279ccddcdbe6c58cbb45dae1d9cf

backtrace:
:client.py:139:addService:FirewallError: ALREADY_ENABLED: ipp
:
:Traceback (most recent call last):
:  File "/usr/share/system-config-printer/newprinter.py", line 1982, in=
 adjust_firewall_response
:    self.firewall.add_service (firewallsettings.IPP_SERVER_SERVICE)
:  File "/usr/share/system-config-printer/firewallsettings.py", line 12=
1, in add_service
:    self._fw_data.addService (service)
:  File "<string>", line 2, in addService
:  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 53,=
 in handle_exceptions
:    return func(*args, **kwargs)
:  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 139=
, in addService
:    raise FirewallError(errors.ALREADY_ENABLED, service)
:FirewallError: ALREADY_ENABLED: ipp
:
:Local variables in innermost frame:
:self: <class 'firewall.client.FirewallClientZoneSettings'>(['', 'Publi=
c', 'For use in public areas. You do not trust the other computers on n=
etworks to not harm your computer. Only selected incoming connections a=
re accepted.', False, 'default', ['ssh', 'dhcpv6-client', 'ipp', 'ipp-c=
lient', 'mdns'], [], [], False, [], [], [], [], [], [], False])
:service: 'ipp'
dso_list:
:python-firewall-0.4.4.4-14.el7.noarch
:system-config-printer-libs-1.4.1-20.el7.noarch
environ:
:LANG=3Den_US.UTF-8
:TERM=3Dxterm-256color
:SHELL=3D/bin/bash
:XAUTHORITY=3D/root/.xauthWRapEZ
:SHLVL=3D1
:HOME=3D/root
:HOSTNAME=3Dlocalhost.localdomain
:LESSOPEN=3D||/usr/bin/lesspipe.sh %s
:HISTSIZE=3D1000
:HISTCONTROL=3Dignoredups
:XDG_DATA_DIRS=3D/root/.local/share/flatpak/exports/share/:/var/lib/fla=
tpak/exports/share/:/usr/local/share/:/usr/share/
:PWD=3D/root
:LOGNAME=3Droot
:USER=3Droot
:MAIL=3D/var/spool/mail/root
:XDG_VTNR=3D1
:PATH=3D/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/r=
oot/bin
:LS_COLORS=3Drs=3D0:di=3D38;5;27:ln=3D38;5;51:mh=3D44;38;5;15:pi=3D40;3=
8;5;11:so=3D38;5;13:do=3D38;5;5:bd=3D48;5;232;38;5;11:cd=3D48;5;232;38;=
5;3:or=3D48;5;232;38;5;9:mi=3D05;48;5;232;38;5;15:su=3D48;5;196;38;5;15=
:sg=3D48;5;11;38;5;16:ca=3D48;5;196;38;5;226:tw=3D48;5;10;38;5;16:ow=3D=
48;5;10;38;5;21:st=3D48;5;21;38;5;15:ex=3D38;5;34:*.tar=3D38;5;9:*.tgz=
=3D38;5;9:*.arc=3D38;5;9:*.arj=3D38;5;9:*.taz=3D38;5;9:*.lha=3D38;5;9:*=
.lz4=3D38;5;9:*.lzh=3D38;5;9:*.lzma=3D38;5;9:*.tlz=3D38;5;9:*.txz=3D38;=
5;9:*.tzo=3D38;5;9:*.t7z=3D38;5;9:*.zip=3D38;5;9:*.z=3D38;5;9:*.Z=3D38;=
5;9:*.dz=3D38;5;9:*.gz=3D38;5;9:*.lrz=3D38;5;9:*.lz=3D38;5;9:*.lzo=3D38=
;5;9:*.xz=3D38;5;9:*.bz2=3D38;5;9:*.bz=3D38;5;9:*.tbz=3D38;5;9:*.tbz2=
=3D38;5;9:*.tz=3D38;5;9:*.deb=3D38;5;9:*.rpm=3D38;5;9:*.jar=3D38;5;9:*.=
war=3D38;5;9:*.ear=3D38;5;9:*.sar=3D38;5;9:*.rar=3D38;5;9:*.alz=3D38;5;=
9:*.ace=3D38;5;9:*.zoo=3D38;5;9:*.cpio=3D38;5;9:*.7z=3D38;5;9:*.rz=3D38=
;5;9:*.cab=3D38;5;9:*.jpg=3D38;5;13:*.jpeg=3D38;5;13:*.gif=3D38;5;13:*.=
bmp=3D38;5;13:*.pbm=3D38;5;13:*.pgm=3D38;5;13:*.ppm=3D38;5;13:*.tga=3D3=
8;5;13:*.xbm=3D38;5;13:*.xpm=3D38;5;13:*.tif=3D38;5;13:*.tiff=3D38;5;13=
:*.png=3D38;5;13:*.svg=3D38;5;13:*.svgz=3D38;5;13:*.mng=3D38;5;13:*.pcx=
=3D38;5;13:*.mov=3D38;5;13:*.mpg=3D38;5;13:*.mpeg=3D38;5;13:*.m2v=3D38;=
5;13:*.mkv=3D38;5;13:*.webm=3D38;5;13:*.ogm=3D38;5;13:*.mp4=3D38;5;13:*=
.m4v=3D38;5;13:*.mp4v=3D38;5;13:*.vob=3D38;5;13:*.qt=3D38;5;13:*.nuv=3D=
38;5;13:*.wmv=3D38;5;13:*.asf=3D38;5;13:*.rm=3D38;5;13:*.rmvb=3D38;5;13=
:*.flc=3D38;5;13:*.avi=3D38;5;13:*.fli=3D38;5;13:*.flv=3D38;5;13:*.gl=
=3D38;5;13:*.dl=3D38;5;13:*.xcf=3D38;5;13:*.xwd=3D38;5;13:*.yuv=3D38;5;=
13:*.cgm=3D38;5;13:*.emf=3D38;5;13:*.axv=3D38;5;13:*.anx=3D38;5;13:*.og=
v=3D38;5;13:*.ogx=3D38;5;13:*.aac=3D38;5;45:*.au=3D38;5;45:*.flac=3D38;=
5;45:*.mid=3D38;5;45:*.midi=3D38;5;45:*.mka=3D38;5;45:*.mp3=3D38;5;45:*=
.mpc=3D38;5;45:*.ogg=3D38;5;45:*.ra=3D38;5;45:*.wav=3D38;5;45:*.axa=3D3=
8;5;45:*.oga=3D38;5;45:*.spx=3D38;5;45:*.xspf=3D38;5;45:
:XDG_SESSION_ID=3D1
:DISPLAY=3D:0
:XDG_SEAT=3Dseat0
machineid:
:systemd=3D1ef57ac5ca734a3c9cbe031e92ec62aa
:sosreport_uploader-dmidecode=3D613936aaf8cb324f5e2af5d40ea60600d4bf082=
fb5e8182186123b7ca72145eb
os_info:
:NAME=3D"Red Hat Enterprise Linux Workstation"
:VERSION=3D"7.5 (Maipo)"
:ID=3D"rhel"
:ID_LIKE=3D"fedora"
:VARIANT=3D"Workstation"
:VARIANT_ID=3D"workstation"
:VERSION_ID=3D"7.5"
:PRETTY_NAME=3D"Red Hat Enterprise Linux Workstation 7.5 Beta (Maipo)"
:ANSI_COLOR=3D"0;31"
:CPE_NAME=3D"cpe:/o:redhat:enterprise_linux:7.5:beta:workstation"
:HOME_URL=3D"https://www.redhat.com/"
:BUG_REPORT_URL=3D"https://bugzilla.redhat.com/"
:
:REDHAT_BUGZILLA_PRODUCT=3D"Red Hat Enterprise Linux 7"
:REDHAT_BUGZILLA_PRODUCT_VERSION=3D7.5
:REDHAT_SUPPORT_PRODUCT=3D"Red Hat Enterprise Linux"
:REDHAT_SUPPORT_PRODUCT_VERSION=3D"7.5 Beta"



Expected results:
no such a traceback

Additional info:
rhel74 works fine, it seems to be regression
Comment 3 Petr Sklenar 2018-01-03 13:12:05 UTC 
Created attachment 1376347 [details]
abrt; tar -zcvf bz1530598.tar.gz /var/spool/abrt/Python-2018-01-03-12:59:27-3545
Comment 5 Eric Garver 2018-01-08 20:02:59 UTC 
re-assigning to system-config-firewall.

The firewall client code is reporting (via exception) that ipp is already enabled. It's up to system-config-printer to handle the exception.
Comment 6 Eric Garver 2018-01-08 20:04:03 UTC 
(In reply to Eric Garver from comment #5)
> re-assigning to system-config-firewall.

Of course I meant system-config-printer.
Comment 7 Zdenek Dohnal 2018-01-09 08:15:03 UTC 
Hi Eric,

why does firewall client raise an exception for already enabled service? IMHO it is something, which should be done in firewall client itself, not in every application using it - apps care only about if actual service is enabled in firewall, not about reacting on exceptions, which isn't critical for running the app. Not mentioning this is a behavior change in comparison of the past RHEL-7 minor releases, which should be discouraged.
Comment 8 Petr Sklenar 2018-01-09 09:49:09 UTC 
(In reply to Eric Garver from comment #5)
> re-assigning to system-config-firewall.
> 
> The firewall client code is reporting (via exception) that ipp is already
> enabled. It's up to system-config-printer to handle the exception.

and this behavior is smth new in rhel75 compare to older rhel7?
Comment 9 Eric Garver 2018-01-09 17:37:10 UTC 
(In reply to Petr Sklenar from comment #8)
> (In reply to Eric Garver from comment #5)
> > re-assigning to system-config-firewall.
> > 
> > The firewall client code is reporting (via exception) that ipp is already
> > enabled. It's up to system-config-printer to handle the exception.
> 
> and this behavior is smth new in rhel75 compare to older rhel7?

No. This behavior has been there since firewalld v0.4.0 (RHEL 7.3).

14fecd41eb6b ("firewall.client: Raise ALREADY/NOT _ENABLED errors")

$ git tag  --contains  14fecd41eb6be610179ff6e1b2534dd6171628be  
v0.4.0
Comment 10 Zdenek Dohnal 2018-01-10 15:53:54 UTC 
Fixed in upstream [master 2bd5bc61] s-c-p doesn't react on ALREADY_ENABLED firewalld exception .
IMO this issue is medium priority because this exception happens when IPP service is enabled in firewall, but IPP-CLIENT or MDNS isn't. This combination of firewall-enabled services isn't by default in RHEL (all services needed - ipp, ipp-client and mdns - are disabled in firewall by default, so s-c-p will enable them when it will be needed) 
I can respin s-c-p errata, if I can get acks.
Comment 11 Zdenek Dohnal 2018-01-10 15:55:14 UTC 
Created attachment 1379582 [details]
Upstream patch
Comment 20 errata-xmlrpc 2018-04-10 18:26:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0984