Description of problem: Changing "Current View:" from "Runtime Configuration" to "Persistent Configuration". Then, go to the "public" zone, select the "Ports" tab, then try adding a port/port range. That's how I got my error, although you might encounter it through another method. Version-Release number of selected component: firewall-config-0.2.12-4.fc18 Additional info: cmdline: /usr/bin/python /usr/bin/firewall-config executable: /usr/bin/firewall-config kernel: 3.8.5-201.fc18.x86_64 uid: 1000 ureports_counter: 1 Truncated backtrace: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: Backup of '/usr/lib/firewalld/zones/public.xml' failed: [Errno 13] Permission denied: '/usr/lib/firewalld/zones/public.xml.old' Traceback (most recent call last): File "/usr/bin/firewall-config", line 1153, in onAddPort self.add_edit_port(True) File "/usr/bin/firewall-config", line 1235, in add_edit_port zone.update(settings) File "<string>", line 2, in update File "/usr/lib/python2.7/site-packages/slip/dbus/polkit.py", line 103, in _enable_proxy return func(*p, **k) File "/usr/lib/python2.7/site-packages/firewall/client.py", line 174, in update self.fw_zone.update(tuple(settings.settings)) File "/usr/lib/python2.7/site-packages/slip/dbus/proxies.py", line 50, in __call__ return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs) File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__ **keywords) File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking message, timeout) DBusException: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: Backup of '/usr/lib/firewalld/zones/public.xml' failed: [Errno 13] Permission denied: '/usr/lib/firewalld/zones/public.xml.old' Local variables in innermost frame: byte_arrays: False self: <dbus._dbus.SystemBus (system) at 0xe2af50> args: (('', 'Public', 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', False, '{chain}_ZONE_{zone}', ['ssh', 'mdns', 'dhcpv6-client'], [('25565', 'tcp')], [], False, []),) object_path: '/org/fedoraproject/FirewallD1/config/zone/7' signature: u'(sssbsasa(ss)asba(ssss))' bus_name: dbus.UTF8String(':1.3') get_args_opts: {'byte_arrays': False, 'utf8_strings': False} timeout: 2147483.647 kwargs: {} dbus_interface: 'org.fedoraproject.FirewallD1.config.zone' message: <dbus.lowlevel.MethodCallMessage path: /org/fedoraproject/FirewallD1/config/zone/7, iface: org.fedoraproject.FirewallD1.config.zone, member: update dest: :1.3> method: 'update'
Created attachment 735053 [details] File: backtrace
Created attachment 735054 [details] File: core_backtrace
Created attachment 735055 [details] File: dso_list
Created attachment 735056 [details] File: environ
So we have two problems here. First is that firewall-config crashed after obtaining an exception from firewalld, which is duplicate of bug 951850. Second is that firewalld tried to make a backup of public.xml zone file in /usr/lib/firewalld/zones/ instead of in /etc/firewalld/zones/
To myself: I see one possibility how this could happen: Lets imagine that /usr/lib/firewalld/zones/public.xml was loaded but for some reason marked (in FirewallConfig.add_zone()) as 'not default'. Then during updating (after user changes any zone setting) FirewallConfig.set_zone_config() checks whether the zone is default or not and if it's not marked as default the zone file gets overwritten (with backup). Problem is that I can't find a place where this de-sync (i.e. loading zone from /usr/ but marking it as not default) could happen.
Nick, sorry for the delay. Are you able to reproduce the problem ? Do you by any chance remember what changes you had made prior to the steps to reproduce from your description ?
I believe I added a port while I was in "Runtime Configuration", but then thinking that I wouldn't have to add the port every time I log in, I switched to "Persistent Configuration" and tried adding the same port. That's when it crashed and triggered ABRT. More notes: Zone: Public //All the time I was doing this, I didn't change the zone. I'll try to reproduce this as soon as I can. Hope this new info helps!
(In reply to comment #6) > Problem is that I can't find a place where this de-sync (i.e. loading zone > from /usr/ but marking it as not default) could happen. I gave it another try today and rewrote [1] how/where we set the 'default(s)' flag. [1] https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=003cc6babeb66271a60d3b5b0436d259040b2887
firewalld-0.3.2-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/firewalld-0.3.2-1.fc19
Package firewalld-0.3.2-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing firewalld-0.3.2-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-7044/firewalld-0.3.2-1.fc19 then log in and leave karma (feedback).
firewalld-0.3.2-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.