Bug 1699051 - libvirt installs firewalld zonefile that uses rule priorities, which aren't yet supported by F30 firewalld
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: 30
Hardware: Unspecified
OS: Unspecified
Assignee: Libvirt Maintainers
QA Contact: Fedora Extras Quality Assurance
Duplicates: 1704438
Reported: 2019-04-11 15:59 UTC by Laine Stump
Modified: 2019-06-06 01:06 UTC

Fixed In Version: libvirt-5.1.0-8.fc30
Last Closed: 2019-06-06 01:06:31 UTC
Type: Bug

Description Laine Stump 2019-04-11 15:59:36 UTC
When support was added for firewalld using an nftables backend, part of the implementation required adding a new firewalld zonefile called "libvirt" that uses a new firewalld feature - the ability to set a priority for each rich rule in a zone.

Anticipating that some distros would get an updated libvirt package before they got an updated firewalld package, the support for the libvirt zonefile was made contingent on a --with-firewalld-zone configure option. In the libvirt.spec file, we set this flag on if the Fedora version was 30+ (since the F30 release was at that time several months in the future), but the GA of F30 is now imminent, and the F30 firewalld package hasn't yet been updated to support rich rule priorities (most likely because there hasn't been a new upstream release of firewalld since that feature was added).

The presence of the libvirt zonefile in a system that has a firewalld that doesn't support rich rule priorities will result in this error message every time firewalld is started/restarted:

firewalld[13355]: ERROR: Failed to load zone file '/usr/lib/firewalld/zones/libvirt.xml': PARSE_ERROR: rule: Unexpected attribute priority


Since the F30 firewalld has a patch to make iptables the default backend, the libvirt zone isn't needed for proper networking, so there is no *functional* problem, but users may be confused by the above error message and unnecessarily file bug reports. So we could decide to continue installing the libvirt zonefile (in anticipation of the F30 firewalld being updated to support rich rule priorities), or we could decide to patch the libvirt.spec to only install the libvirt zonefile for F31+, and avoid the error logs (if we do this, we should probably do it upstream and backport the patch rather than just making it a downstream patch).
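
Added example (not part of the original bug report, and not libvirt or firewalld code): a Python check that finds zone files whose rich rules carry a priority attribute, i.e. the files a firewalld without rich rule priority support would refuse to load with the error quoted above. The zone contents below are constructed samples, not the real libvirt.xml, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample zone files (NOT the contents of the real libvirt.xml).
SAMPLE_ZONES = {
    "libvirt.xml": """<zone target="ACCEPT">
  <short>libvirt</short>
  <rule priority="32767">
    <reject/>
  </rule>
  <service name="dhcp"/>
</zone>""",
    "public.xml": """<zone>
  <short>Public</short>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="192.0.2.0/24"/>
    <accept/>
  </rule>
</zone>""",
}

ZONE_DIR = "/usr/lib/firewalld/zones"  # directory named in the logged error


def rules_with_priority(zone_xml):
    """Return (rule_number, priority) for every rich rule that sets priority."""
    root = ET.fromstring(zone_xml)
    if root.tag != "zone":
        raise ValueError("not a zone file: root element is <%s>" % root.tag)
    return [(n, rule.get("priority"))
            for n, rule in enumerate(root.findall("rule"), start=1)
            if rule.get("priority") is not None]


def audit(zones, zone_dir=ZONE_DIR):
    """Map each file a priority-unaware firewalld would reject to the error it logs."""
    findings = {}
    for name in sorted(zones):
        if rules_with_priority(zones[name]):
            findings[name] = ("Failed to load zone file '%s/%s': PARSE_ERROR: "
                              "rule: Unexpected attribute priority" % (zone_dir, name))
    return findings


if __name__ == "__main__":
    for name, message in audit(SAMPLE_ZONES).items():
        print("%s -> ERROR: %s" % (name, message))
```

To check an installed system, read the *.xml files from the zone directory into the dictionary passed to audit() instead of using the constructed samples.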

Comment 1 Laine Stump 2019-04-11 18:32:17 UTC
I pushed this upstream:

commit 65b08aff08df4eb9593620274e5a09e1b92f24aa
Author: Laine Stump <laine>
Date:   Thu Apr 11 12:53:54 2019 -0400

    build: set --without-firewalld-zone in configure commandline for Fedora 30
    

It's been verified in an IRC discussion that firewalld will be staying with iptables (and won't get rule priorities) on F30, so this same patch should be applied to the libvirt.spec file in Fedora git.

Comment 2 Eric Garver 2019-04-29 18:39:17 UTC
*** Bug 1704438 has been marked as a duplicate of this bug. ***

Comment 3 Fedora Update System 2019-05-29 19:35:57 UTC
FEDORA-2019-6aa8bc010f has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6aa8bc010f

Comment 4 Adam Williamson 2019-05-29 19:38:56 UTC
I just did the same change on the f30 package branch and built it, and submitted an update. It didn't seem worth changing the other branches as the change won't really do anything there...

Comment 5 Fedora Update System 2019-05-30 13:58:16 UTC
libvirt-5.1.0-7.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6aa8bc010f

Comment 6 Fedora Update System 2019-05-31 16:42:09 UTC
FEDORA-2019-6aa8bc010f has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6aa8bc010f

Comment 7 Fedora Update System 2019-06-01 01:34:54 UTC
libvirt-5.1.0-8.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6aa8bc010f

Comment 8 Fedora Update System 2019-06-06 01:06:31 UTC
libvirt-5.1.0-8.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

