Firewald provided by Mageia fails to load zone file /usr/lib/firewalld/zones/libvirt.xml. The version of FirewallD in Mageia is 0.6.3 Please refer to: https://bugzilla.redhat.com/show_bug.cgi?id=1692188 Which recommends building libvirt '--without-firewalld-zone' until a newer version of the package is provided.
Thank you for the report and the valuable reference, which includes: "Until your distro has a firewalld that supports rule priorities, you should build the libvirt packages with "configure --without-firewalld-zone ...."" For an immediate but temporary fix: "(or just remove /usr/lib/firewalld/zones/libvirt.xml to immediately solve the problem on your host (until the next time you update the libvirt packages)" Two possibilities: 1. update firewalld https://www.firewalld.org, currently at 0.7.1. The notes for 0.7.0 say: "New features: Rich Rule Priorities" [link] which seems right. OR 2. In the meantime, re-build libvirt as described. I cannot find any pkg or SRPM which corresponds, although libvirt is listed - no maintainer; Nearest libvirt-sandbox-0.8.0-2.mga7.src.rpm. CC'ing Thierry & DavidG as most recent committers, otherwise assigning globally.
CC: (none) => geiger.david68210, thierry.vignaudAssignee: bugsquad => pkg-bugsSource RPM: (none) => firewalld-0.6.3-1.mga7.src.rpm, libvirt-sandbox-0.8.0-2.mga7.src.rpm
Found the libvirt package at last, noted above in SRPM. No official maintainer, but Thierry has been the active maintainer. Ignore libvirt-sandbox in previous comment. DavidG is OK for firewalld; neoclust official maintainer now CC'd.
CC: (none) => mageiaSource RPM: firewalld-0.6.3-1.mga7.src.rpm, libvirt-sandbox-0.8.0-2.mga7.src.rpm => firewalld-0.6.3-1.mga7.src.rpm, libvirt-5.3.0-2.mga7.src.rpm
Should be fixed with firewalld-0.7.2-1.mga7 in Core/Updates_testing repo!
This never got assigned to QA. Advisory: The firewalld package has been updated to version 0.7.2, which adds support for rule priorities, which is needed by the libvirt firewalld rules. References: https://firewalld.org/2019/05/firewalld-0-6-4-release https://firewalld.org/2019/06/firewalld-0-7-0-release https://firewalld.org/2019/07/firewalld-0-7-1-release https://firewalld.org/2019/10/firewalld-0-7-2-release core/updates_testing/firewalld-0.7.2-1.mga7.src.rpm You may want to ask to have it updated again, but I'll leave that up to you: https://firewalld.org/2020/01/firewalld-0-7-3-release https://firewalld.org/2020/04/firewalld-0-7-4-release https://firewalld.org/2020/06/firewalld-0-7-5-release
Assignee: pkg-bugs => qa-bugsSource RPM: firewalld-0.6.3-1.mga7.src.rpm, libvirt-5.3.0-2.mga7.src.rpm => firewalld-0.6.3-1.mga7.src.rpm
David updated to 0.7.5. Advisory: The firewalld package has been updated to version 0.7.5, which adds support for rule priorities, which is needed by the libvirt firewalld rules. References: https://firewalld.org/2019/05/firewalld-0-6-4-release https://firewalld.org/2019/06/firewalld-0-7-0-release https://firewalld.org/2019/07/firewalld-0-7-1-release https://firewalld.org/2019/10/firewalld-0-7-2-release https://firewalld.org/2020/01/firewalld-0-7-3-release https://firewalld.org/2020/04/firewalld-0-7-4-release https://firewalld.org/2020/06/firewalld-0-7-5-release core/updates_testing/firewalld-0.7.5-1.mga7.src.rpm
Using QArepo: Sorry, the following package cannot be selected: - firewalld-0.7.5-1.mga7.noarch (due to unsatisfied python3-firewall[== 0.7.5-1.mga7])
CC: (none) => herman.viaene
Then you didn't use QArepo correctly. If you filter it on the version/release of the SRPM, in most cases you should get everything (so *-0.7.5-1.mga7.*). Package list: firewalld-0.7.5-1.mga7 python3-firewall-0.7.5-1.mga7 firewalld-filesystem-0.7.5-1.mga7 firewall-applet-0.7.5-1.mga7 firewall-config-0.7.5-1.mga7
Created attachment 11871 [details] Installed packages, iptables output and error message of libvirt Host is Mageia 7, network managed by NetworkManager. Uninstalled shorewall, installed firewalld instead. Tried to install Mageia 8 as guest from Beta 1 KDE Plasma Live iso. Network <default> could not be started, see error message in attachment. Switched network to enp14s0:macvtap, bridge mode, driver virtio. Then everything went smooth. As I didn't use firewalld before, and network state is exactly as before, I personally don't see any regression. @Mohammad Tailounie: Any comment, any hint?
CC: (none) => bequimao.de
As there are no other takers, I set it to ok. Ulrich
Status: NEW => RESOLVEDResolution: (none) => FIXEDWhiteboard: (none) => MGA7-64-OK
Sorry, I did not want to set the bug report as resolved. My fault. Ulrich
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
Validating. Advisory in Comment 5.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => ouaurelienTarget Milestone: --- => Mageia 7Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2020-0207.html
Resolution: (none) => FIXEDStatus: REOPENED => RESOLVED