Bug 583986 - lokkit creates firewall in selinux only mode
Summary: lokkit creates firewall in selinux only mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-firewall
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 568528 583987
TreeView+ depends on / blocked
 
Reported: 2010-04-20 12:58 UTC by Thomas Woerner
Modified: 2010-09-28 09:04 UTC (History)
4 users (show)

Fixed In Version: system-config-firewall-1.2.25-1.fc13
Clone Of:
: 583987 (view as bug list)
Environment:
Last Closed: 2010-04-30 23:38:19 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Poposed patch (2.94 KB, patch)
2010-04-20 13:40 UTC, Thomas Woerner 		no flags Details | Diff
View All

Description Thomas Woerner 2010-04-20 12:58:09 UTC 
Description of problem:
Using selinux options with lokkit results in selinux and firewall configurations. This is a problem for anaconda, because it is using lokkit to set the initial selinux configuration before configuring the firewall with an addional lokkit call later on.

Version-Release number of selected component (if applicable):
system-config-firewall-1.2.24-1

How reproducible:
Always

Steps to Reproduce:
1. Remove all firewall configuration files from the system: rm -rf /etc/sysconfig/ip*tables /etc/sysconfig/system-config-firewall
2. Configure selinux: lokkit --selinux=enforcing
3. Check firewall configuration: ls -l /etc/sysconfig/ip*tables /etc/sysconfig/system-config-firewall
  
Actual results:
Firewall will be configured with by using selinux options only.

Expected results:
Using selinux options will not touch the firewall.

Additional info:
There are two ways to solve this problem:
1) selinux options will not be usable with firewall options. They will conflict with firewall options. No default firewall will be created by turning off default option "--enabled".

2) A new option like "--nofw" will turn off firewall defaults and therefore the firewall will not be touched at all. Will conflict with firewall options supplied by the user.
Comment 1 Thomas Woerner 2010-04-20 13:40:53 UTC 
Created attachment 407820 [details]
Poposed patch
Comment 2 James Laska 2010-04-23 16:26:50 UTC 
Bug#568528 (a Fedora 13 Release blocker) depends on this issue to move forward.  I'm adding this bug to F13Blocker as well.
Comment 3 Adam Williamson 2010-04-23 16:28:58 UTC 
Thomas, just to be sure the situation's clear, bug #568528 depends on this one, and is a Fedora 13 blocker bug, so we'd like to have this applied and built into F13 as soon as possible so we can be sure to have 568528 fixed in plenty of time for the final release. Can you please prioritize this issue? Thanks!



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 4 Thomas Woerner 2010-04-26 14:51:06 UTC 
Fixed in system-config-firewall-1.2.25-1.fc13.

http://koji.fedoraproject.org/koji/buildinfo?buildID=168776
Comment 5 Fedora Update System 2010-04-26 15:13:06 UTC 
system-config-firewall-1.2.25-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/system-config-firewall-1.2.25-1.fc13
Comment 6 Fedora Update System 2010-04-27 05:49:50 UTC 
system-config-firewall-1.2.25-1.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update system-config-firewall'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-firewall-1.2.25-1.fc13
Comment 7 Fedora Update System 2010-04-30 23:38:08 UTC 
system-config-firewall-1.2.25-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.