| Summary: | Firewalld + Libvirt | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Muhammad Tailounie <mageia> |
| Component: | RPM Packages | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, bequimao.de, geiger.david68210, herman.viaene, mageia, ouaurelien, sysadmin-bugs, thierry.vignaud |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | Mageia 7 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | firewalld-0.6.3-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | Installed packages, iptables output and error message of libvirt | ||
|
Description
Muhammad Tailounie
2019-12-17 08:03:42 CET
Thank you for the report and the valuable reference, which includes: "Until your distro has a firewalld that supports rule priorities, you should build the libvirt packages with "configure --without-firewalld-zone ...."" For an immediate but temporary fix: "(or just remove /usr/lib/firewalld/zones/libvirt.xml to immediately solve the problem on your host (until the next time you update the libvirt packages)" Two possibilities: 1. update firewalld https://www.firewalld.org, currently at 0.7.1. The notes for 0.7.0 say: "New features: Rich Rule Priorities" [link] which seems right. OR 2. In the meantime, re-build libvirt as described. I cannot find any pkg or SRPM which corresponds, although libvirt is listed - no maintainer; Nearest libvirt-sandbox-0.8.0-2.mga7.src.rpm. CC'ing Thierry & DavidG as most recent committers, otherwise assigning globally. CC:
(none) =>
geiger.david68210, thierry.vignaud Found the libvirt package at last, noted above in SRPM. No official maintainer, but Thierry has been the active maintainer. Ignore libvirt-sandbox in previous comment. DavidG is OK for firewalld; neoclust official maintainer now CC'd. CC:
(none) =>
mageia Should be fixed with firewalld-0.7.2-1.mga7 in Core/Updates_testing repo! This never got assigned to QA. Advisory: The firewalld package has been updated to version 0.7.2, which adds support for rule priorities, which is needed by the libvirt firewalld rules. References: https://firewalld.org/2019/05/firewalld-0-6-4-release https://firewalld.org/2019/06/firewalld-0-7-0-release https://firewalld.org/2019/07/firewalld-0-7-1-release https://firewalld.org/2019/10/firewalld-0-7-2-release core/updates_testing/firewalld-0.7.2-1.mga7.src.rpm You may want to ask to have it updated again, but I'll leave that up to you: https://firewalld.org/2020/01/firewalld-0-7-3-release https://firewalld.org/2020/04/firewalld-0-7-4-release https://firewalld.org/2020/06/firewalld-0-7-5-release Assignee:
pkg-bugs =>
qa-bugs David updated to 0.7.5. Advisory: The firewalld package has been updated to version 0.7.5, which adds support for rule priorities, which is needed by the libvirt firewalld rules. References: https://firewalld.org/2019/05/firewalld-0-6-4-release https://firewalld.org/2019/06/firewalld-0-7-0-release https://firewalld.org/2019/07/firewalld-0-7-1-release https://firewalld.org/2019/10/firewalld-0-7-2-release https://firewalld.org/2020/01/firewalld-0-7-3-release https://firewalld.org/2020/04/firewalld-0-7-4-release https://firewalld.org/2020/06/firewalld-0-7-5-release core/updates_testing/firewalld-0.7.5-1.mga7.src.rpm Using QArepo: Sorry, the following package cannot be selected: - firewalld-0.7.5-1.mga7.noarch (due to unsatisfied python3-firewall[== 0.7.5-1.mga7]) CC:
(none) =>
herman.viaene Then you didn't use QArepo correctly. If you filter it on the version/release of the SRPM, in most cases you should get everything (so *-0.7.5-1.mga7.*). Package list: firewalld-0.7.5-1.mga7 python3-firewall-0.7.5-1.mga7 firewalld-filesystem-0.7.5-1.mga7 firewall-applet-0.7.5-1.mga7 firewall-config-0.7.5-1.mga7 Created attachment 11871 [details]
Installed packages, iptables output and error message of libvirt
Host is Mageia 7, network managed by NetworkManager.
Uninstalled shorewall, installed firewalld instead.
Tried to install Mageia 8 as guest from Beta 1 KDE Plasma Live iso. Network <default> could not be started, see error message in attachment.
Switched network to enp14s0:macvtap, bridge mode, driver virtio. Then everything went smooth. As I didn't use firewalld before, and network state is exactly as before, I personally don't see any regression.
@Mohammad Tailounie: Any comment, any hint?CC:
(none) =>
bequimao.de As there are no other takers, I set it to ok. Ulrich Status:
NEW =>
RESOLVED Sorry, I did not want to set the bug report as resolved. My fault. Ulrich Status:
RESOLVED =>
REOPENED Validating. Advisory in Comment 5. Keywords:
(none) =>
validated_update
Aurelien Oudelet
2020-09-14 21:40:14 CEST
CC:
(none) =>
ouaurelien An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2020-0207.html Resolution:
(none) =>
FIXED |