stages/firewall: fix fail when setting only the default zone
When the firewall stage is provided with stage options which set only the default firewall zone, the `firewall-offline-cmd` command is executed unconditionally without any parameters. This is because in this case `ports`, `enabled_services` and `disabled_services` are all empty lists. This results in a failure with the following error message:
`Opening of '/etc/sysconfig/system-config-firewall' failed, exiting.`

Make sure that the second invocation of `firewall-offline-cmd` happens conditionally, only when at least one of the `ports`, `enabled_services` or `disabled_services` is a non-empty list.

Adjust the stage test to cover this scenario.

Signed-off-by: Tomas Hozza <thozza@redhat.com>
parent 3b40125d4a
commit 9054da7d25
3 changed files with 22 additions and 11 deletions
|
|
@ -84,13 +84,14 @@ def main(tree, options):
|
||||||
|
|
||||||
# The options below are "lokkit" compatibility options and can not be used
|
# The options below are "lokkit" compatibility options and can not be used
|
||||||
# with other options.
|
# with other options.
|
||||||
subprocess.run(["chroot",
|
if ports or enabled_services or disabled_services:
|
||||||
tree,
|
subprocess.run(["chroot",
|
||||||
"firewall-offline-cmd"] +
|
tree,
|
||||||
list(map(lambda x: f"--port={x}", ports)) +
|
"firewall-offline-cmd"] +
|
||||||
list(map(lambda x: f"--service={x}", enabled_services)) +
|
list(map(lambda x: f"--port={x}", ports)) +
|
||||||
list(map(lambda x: f"--remove-service={x}", disabled_services)),
|
list(map(lambda x: f"--service={x}", enabled_services)) +
|
||||||
check=True)
|
list(map(lambda x: f"--remove-service={x}", disabled_services)),
|
||||||
|
check=True)
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
|
|
|
||||||
|
|
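Review bot: the new guard `if ports or enabled_services or disabled_services:` has no comment saying why it exists, and the "lokkit" comment directly above it now reads as if it describes the condition rather than the command. Add a line noting that `firewall-offline-cmd` fails when run with no arguments (the commit message quotes the `/etc/sysconfig/system-config-firewall` error), or build the argument list first and run the command only when that list is non-empty, so the condition cannot drift out of step if another option is added later.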
@ -475,6 +475,12 @@
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "org.osbuild.firewall",
|
||||||
|
"options": {
|
||||||
|
"default_zone": "trusted"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "org.osbuild.firewall",
|
"name": "org.osbuild.firewall",
|
||||||
"options": {
|
"options": {
|
||||||
|
|
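Review bot: the stage added in this hunk sets only `"default_zone": "trusted"`, but nothing visible here checks that the zone was actually applied, so a stage that returned 0 without doing anything would look the same from these lines. Confirm that the test's expected result records `trusted` as the default zone, so the new case verifies the outcome and not only the absence of the crash.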
@ -488,8 +494,7 @@
|
||||||
],
|
],
|
||||||
"disabled_services": [
|
"disabled_services": [
|
||||||
"telnet"
|
"telnet"
|
||||||
],
|
]
|
||||||
"default_zone": "trusted"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
||||||
|
|
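Review bot: removing `"default_zone": "trusted"` from this stage means that, as far as these hunks show, no stage sets a default zone together with `ports` or services any more, so the case where both `firewall-offline-cmd` invocations run within one stage loses coverage. Keep the option here, or add a further stage that combines `default_zone` with at least one of the list options.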
@ -29,6 +29,12 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "org.osbuild.firewall",
|
||||||
|
"options": {
|
||||||
|
"default_zone": "trusted"
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "org.osbuild.firewall",
|
"name": "org.osbuild.firewall",
|
||||||
"options": {
|
"options": {
|
||||||
|
|
@ -42,8 +48,7 @@
|
||||||
],
|
],
|
||||||
"disabled_services": [
|
"disabled_services": [
|
||||||
"telnet"
|
"telnet"
|
||||||
],
|
]
|
||||||
"default_zone": "trusted"
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
||||||