Bug 804587 - firewall-cmd --get-active-zones returns nothing
Summary: firewall-cmd --get-active-zones returns nothing
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 17
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: F17Beta, F17BetaBlocker
 
Reported: 2012-03-19 10:50 UTC by Pavel Šimerda (pavlix)
Modified: 2012-03-22 03:59 UTC (History)

Fixed In Version: selinux-policy-3.10.0-93.fc17
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-03-21 21:58:29 UTC
Type: ---
Embargoed:



Description Pavel Šimerda (pavlix) 2012-03-19 10:50:02 UTC
Testing https://fedoraproject.org/wiki/QA:Testcase_firewalld_and_NetworkManager

Expected results:


firewall-cmd --get-active-zones

The output should look like this ('em1' is used as an example):
public: em1

Actual results:

[root@dragon ~]# firewall-cmd --get-active-zones
[root@dragon ~]#

Comment 1 Jiri Popelka 2012-03-19 10:56:50 UTC
Does it change when you turn off SELinux (setenforce 0) and restart firewalld (systemctl restart firewalld.service)?

Comment 2 Jiri Popelka 2012-03-19 11:09:21 UTC
Could be the same SELinux problem that I see:

Mar 19 11:50:56 localhost NetworkManager[343]: <warn> (eth1) firewall zone add/change failed: (9) An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.4" (uid=0 pid=343 comm="/usr/sbin/NetworkManager --no-daemon --log-level=D") interface="org.fedoraproject.FirewallD1.zone" member="addInterface" error name="(unset)" requested_reply="0" destination="org.fedoraproject.FirewallD1" (uid=0 pid=331 comm="/usr/bin/python /usr/sbin/firewalld --nofork --deb")

We should probably put a warning to the https://fedoraproject.org/wiki/QA:Testcase_firewalld_and_NetworkManager
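
The D-Bus denial quoted in comment 2 can be split into the fields that identify which caller, destination and method the policy blocked. This is an added example, not part of the original thread and not code from firewalld, NetworkManager or selinux-policy; the function names are hypothetical, the first sample line is the one from comment 2 and the second is constructed.

```python
import re
from collections import Counter

# Text logged when SELinux policy blocks a D-Bus message between two peers.
MARKER = "An SELinux policy prevents this sender from sending this message"
FIELD_RE = re.compile(r'\b(type|interface|member)="([^"]*)"')
PEER_RE = re.compile(
    r'\b(sender|destination)="([^"]*)" \(uid=(\d+) pid=(\d+) comm="([^"]*)"\)')

def parse_dbus_denial(line):
    """Return the denied call as a dict, or None if the line is not a denial."""
    if MARKER not in line:
        return None
    record = dict(FIELD_RE.findall(line))
    for role, bus_name, uid, pid, comm in PEER_RE.findall(line):
        # comm is the peer's command line exactly as logged (may be truncated).
        record[role] = {"bus_name": bus_name, "uid": int(uid),
                        "pid": int(pid), "comm": comm}
    return record

def summarize(lines):
    """Count denials per (sender command, destination bus name, method)."""
    counts = Counter()
    for line in lines:
        rec = parse_dbus_denial(line)
        if rec is None:
            continue
        sender = rec.get("sender", {}).get("comm", "?").split(" ")[0]
        dest = rec.get("destination", {}).get("bus_name", "?")
        method = f'{rec.get("interface", "?")}.{rec.get("member", "?")}'
        counts[(sender, dest, method)] += 1
    return counts

SAMPLE_LINES = [
    # Copied from comment 2 of this bug.
    'Mar 19 11:50:56 localhost NetworkManager[343]: <warn> (eth1) firewall zone '
    'add/change failed: (9) An SELinux policy prevents this sender from sending '
    'this message to this recipient, 0 matched rules; type="method_call", '
    'sender=":1.4" (uid=0 pid=343 comm="/usr/sbin/NetworkManager --no-daemon '
    '--log-level=D") interface="org.fedoraproject.FirewallD1.zone" '
    'member="addInterface" error name="(unset)" requested_reply="0" '
    'destination="org.fedoraproject.FirewallD1" (uid=0 pid=331 '
    'comm="/usr/bin/python /usr/sbin/firewalld --nofork --deb")',
    # Constructed line that is not a denial and must be skipped.
    'Mar 19 11:50:57 localhost NetworkManager[343]: <info> (eth1) link connected',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LINES).items():
        print(n, *key)
```
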

Comment 3 Thomas Woerner 2012-03-19 11:28:03 UTC
I have two fully updated F-17 test machines. On both there is no problem with the interaction of firewalld and NetworkManager. Is the system updated completely (all testing packages applied)?

Comment 4 Jiri Popelka 2012-03-19 11:58:20 UTC
All right, updating to selinux-policy-3.10.0-95.fc17 (from updates-testing) fixes the problem for me.
This should be mentioned on the 'Test case 3' page.

Comment 5 Jiri Popelka 2012-03-19 12:33:57 UTC
From selinux-policy-3.10.0-93.fc17 changelog:
- Allow firewalld to dbus chat with networkmanager

Comment 6 Pavel Šimerda (pavlix) 2012-03-19 22:26:54 UTC
Confirmed.

Comment 7 Adam Williamson 2012-03-20 23:08:00 UTC
Re-opening this, because -93 was never pushed stable. -95 was submitted as an update but never made it to stable. -104 is pending push to stable. Re-opening this and proposing as a blocker: this is (I believe) the correct bug to track that we need at least selinux-policy -93 in the Beta (we'll actually take 104) to make sure IPv6 works.



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 8 Thomas Woerner 2012-03-21 18:12:44 UTC
Reassigning to selinux-policy.

Comment 9 Adam Williamson 2012-03-21 21:58:29 UTC
selinux-policy 104 went stable, so closing again.


Comment 10 Bruno Wolff III 2012-03-22 02:37:37 UTC
-1 blocker, -1 NTH. Unless there are follow-on effects to this issue, I don't think this hits any criteria.

Comment 11 Adam Williamson 2012-03-22 03:59:50 UTC
bruno: it prevented IPv6 working out-of-the-box (one among several bugs of this kind).
