Description of problem: Adding a port to the persistent configuration Version-Release number of selected component: firewall-config-0.2.12-5.fc18 Additional info: cmdline: /usr/bin/python /usr/bin/firewall-config executable: /usr/bin/firewall-config kernel: 3.8.6-203.fc18.x86_64 uid: 500 ureports_counter: 1 Truncated backtrace: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: INVALID_SERVICE: smb Traceback (most recent call last): File "/usr/bin/firewall-config", line 1153, in onAddPort self.add_edit_port(True) File "/usr/bin/firewall-config", line 1235, in add_edit_port zone.update(settings) File "<string>", line 2, in update File "/usr/lib/python2.7/site-packages/slip/dbus/polkit.py", line 103, in _enable_proxy return func(*p, **k) File "/usr/lib/python2.7/site-packages/firewall/client.py", line 174, in update self.fw_zone.update(tuple(settings.settings)) File "/usr/lib/python2.7/site-packages/slip/dbus/proxies.py", line 50, in __call__ return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs) File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__ **keywords) File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking message, timeout) DBusException: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: INVALID_SERVICE: smb Local variables in innermost frame: byte_arrays: False self: <dbus._dbus.SystemBus (system) at 0x254f830> args: (('', 'Public', 'For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.', False, '{chain}_ZONE_{zone}', ['mdns', 'samba', 'http', 'dhcpv6-client', 'ssh', 'smb'], [('8080', 'tcp')], [], False, []),) object_path: '/org/fedoraproject/FirewallD1/config/zone/7' signature: u'(sssbsasa(ss)asba(ssss))' bus_name: dbus.UTF8String(':1.8') get_args_opts: {'byte_arrays': False, 'utf8_strings': False} timeout: 2147483.647 kwargs: {} dbus_interface: 'org.fedoraproject.FirewallD1.config.zone' message: <dbus.lowlevel.MethodCallMessage path: /org/fedoraproject/FirewallD1/config/zone/7, iface: org.fedoraproject.FirewallD1.config.zone, member: update dest: :1.8> method: 'update'
Created attachment 736296 [details] File: backtrace
Created attachment 736297 [details] File: core_backtrace
Created attachment 736298 [details] File: dso_list
Created attachment 736299 [details] File: environ
Problem was not the port but the not-existing 'smb' service. Do you remember how did you add that service, I don't see any way how to do that in firewall-config. Also adding/loading of not-existing services has been fixed in 0.2.12-5 (bug 909466). It would be great if you could: # rm -f /etc/firewalld/zones/public.xml # systemctl reload firewalld now try to reproduce the problem and if you succeed provide all steps to reproduce Thanks
I started off configuring firewalld about a month ago when I first installed Fedora 18. One of the first things I did was get Samba working and I did the config using the command line tool. That was when I added the smb service (obviously instead of the samba service) and cannot now remember which version of the tool I used. The steps seemed easy but the way I was learning about firewalld was a bit disjointed, so I only found out about the permanent config after a reboot. I suspect I used the command firewall-cmd --permanent --add-service=smb in the version that allowed non-existent services. I am now on v 0.2.12 so cannot reproduce that same steps.
I should add that today was the first time I have used the GUI version of the tool and I did see an error message about the smb when I switched from current to permanent rules. I clicked "ignore" and the next action was to add a new port. That was when I saw the ABRT message.
Yes, it makes sense now, thanks. As I already said adding of nonexisting services has been fixed in 0.2.12-5 so this situation shouldn't occur again. Just remove the "smb" line from /etc/firewalld/zones/public.xml, reload firewalld and it should be ok. Closing this as duplicate of bug 909466. Sorry for the inconvenience. *** This bug has been marked as a duplicate of bug 909466 ***
Hmmm ... you know your processes better than me, but ... isn't the bug the fact that the GUI barfed when it saw the non-existent service, not that the service could be added to the config. The GUI should handle the presence of such a service cleanly. The tool actually removed the smb service for me. I ran it again and when I saw the same error dialog this time I pressed "remove" instead of "ignore".
Using you comments above I can now reproduce the problem. 1: Edit /etc/firewalld/zones/public.xml and add a line <service name="smb"/> 2: Start firewall-config 3: Select "Persistant Configuration" 4: When warning dialog appears select "Ignore". 5: Click "Ports" tab and "Add" button. 6: Add any port. ABRT appears when you click OK. New port does not get added.
(In reply to comment #10) > 4: When warning dialog appears select "Ignore". I think the dialog is the way how we handle this situation, i.e. when the problem has been found, display dialog with "hey there'a problem, do you want us to fix it for you or ignore it". In case of "Ignore" one should fix it herself or expect problems otherwise. I don't see any better way. Automatically changing users configuration behind her back is not good idea as well as silently ignoring problems.
Agreed, but continuing past "Ignore" should not cause an error and the tool should behave itself. Otherwise the safe thing to do would be to close the tool at that point.
(In reply to comment #12) > Agreed, but continuing past "Ignore" should not cause an error and the tool > should behave itself. I understand. The problem is that the error occurs on server (firewalld) side and the client (firewall-config) can't know this beforehand. > Otherwise the safe thing to do would be to close the > tool at that point. Which is what we do. When firewalld sends error we let user know and offer Quitting.
I've fixed the exception handling so the error dialog won't show the ugly exception name (org.freedesktop.DBus.Python.dbus.exceptions.DBusException), just the problem. https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=8be2054b1cb299b16995040c0c3297b3cf504c67
Mmm, well you offer ignore, not quit. Just trying to save you from future problem reports about why the app does not work after clicking ignore but I will leave it here and let you make your own mind up. At least if the DBUS error is fixed there be no more ABRT messages.
Ahaa. I know why we haven't understood each other. I run upstream version of firewalld/firewall-config here which already has had this fixed [1] - the firewall-config is not crashing and shows a proper dialog here. So it's more a duplicate of bug 951850 [1] https://git.fedorahosted.org/cgit/firewalld.git/commit/?id=cca8d53cf001fcbf6a6722845289011b7af366df *** This bug has been marked as a duplicate of bug 951850 ***