Red Hat Bugzilla – Bug 583986
lokkit creates firewall in selinux only mode
Last modified: 2010-09-28 05:04:37 EDT
Description of problem:
Using selinux options with lokkit results in selinux and firewall configurations. This is a problem for anaconda, because it is using lokkit to set the initial selinux configuration before configuring the firewall with an additional lokkit call later on.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Remove all firewall configuration files from the system: rm -rf /etc/sysconfig/ip*tables /etc/sysconfig/system-config-firewall
2. Configure selinux: lokkit --selinux=enforcing
3. Check firewall configuration: ls -l /etc/sysconfig/ip*tables /etc/sysconfig/system-config-firewall
Actual results:
Firewall will be configured by using selinux options only.
Expected results:
Using selinux options will not touch the firewall.
There are two ways to solve this problem:
1) selinux options will not be usable with firewall options. They will conflict with firewall options. No default firewall will be created by turning off default option "--enabled".
2) A new option like "--nofw" will turn off firewall defaults and therefore the firewall will not be touched at all. Will conflict with firewall options supplied by the user.
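A non-destructive way to check the expected behaviour described above, without first deleting the firewall files as in step 1. This is an added example, not part of the original report or of system-config-firewall; the function names, the scratch root and the two stand-in commands are assumptions for illustration.

```shell
#!/bin/sh
# snapshot ROOT: print one checksum line per firewall config file under ROOT.
# The paths are the ones named in the steps to reproduce.
snapshot() {
    root=$1
    for f in "$root"/etc/sysconfig/ip*tables \
             "$root"/etc/sysconfig/system-config-firewall; do
        # An unmatched glob stays a literal string; -f filters it out.
        [ -f "$f" ] && cksum "$f"
    done
    return 0
}

# touches_firewall ROOT CMD [ARGS...]
# Runs CMD and returns 0 if it created, changed or removed any firewall
# config file under ROOT, 1 if the files are exactly as before.
touches_firewall() {
    root=$1; shift
    before=$(snapshot "$root")
    "$@" >/dev/null 2>&1 || :
    after=$(snapshot "$root")
    [ "$before" != "$after" ]
}

# Constructed demo in a scratch root. The stand-ins model an selinux-only
# call before and after the fix; they are not lokkit itself.
selinux_only_buggy() { echo '*filter' > "$1/etc/sysconfig/iptables"; }
selinux_only_fixed() { echo 'SELINUX=enforcing' > "$1/etc/selinux-config"; }

scratch=$(mktemp -d) && mkdir -p "$scratch/etc/sysconfig"
for tool in selinux_only_fixed selinux_only_buggy; do
    if touches_firewall "$scratch" "$tool" "$scratch"; then
        echo "$tool: firewall configuration was touched"
    else
        echo "$tool: firewall configuration untouched"
    fi
done
rm -rf "$scratch"

# On a real system (empty ROOT means /):
#   touches_firewall "" lokkit --selinux=enforcing && echo "bug present"
```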
Created attachment 407820
Bug#568528 (a Fedora 13 Release blocker) depends on this issue to move forward. I'm adding this bug to F13Blocker as well.
Thomas, just to be sure the situation's clear, bug #568528 depends on this one, and is a Fedora 13 blocker bug, so we'd like to have this applied and built into F13 as soon as possible so we can be sure to have 568528 fixed in plenty of time for the final release. Can you please prioritize this issue? Thanks!
Fedora Bugzappers volunteer triage team
Fixed in system-config-firewall-1.2.25-1.fc13.
system-config-firewall-1.2.25-1.fc13 has been submitted as an update for Fedora 13.
system-config-firewall-1.2.25-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update system-config-firewall'.
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/system-config-firewall-1.2.25-1.fc13
system-config-firewall-1.2.25-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.