FEDORA-2018-1c31f1eccd created by mooninite 2 years ago for Fedora 27
obsolete

This update has been submitted for testing by mooninite.

2 years ago

This update has been pushed to testing.

2 years ago
mhayden commented & provided feedback 2 years ago

iptables command and service scripts work

bojan commented & provided feedback 2 years ago

I have a system with iptables/ip6tables configured as services. There seems to be a race to get the xtables lock file with this version. I have either iptables or ip6tables failing on boot. I can start either service later on. A typical message:

ip6tables.init[714]: ip6tables: Applying firewall rules: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago
bojan commented & provided feedback 2 years ago

Just as an FYI, downgrading to 1.6.1-4 makes both services work on boot again.

SELinux is preventing iptables-restor from read access on the file xtables.lock
bluepencil commented & provided feedback 2 years ago

And adding semodule for iptables results in:

ip6tables.init[627]: ip6tables: Applying firewall rules: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
ip6tables.init[627]: [FAILED]

works for me but no ipv6 here

cserpentis commented & provided feedback 2 years ago

works for me

I'm going to unpush. The issue with ip6tables will be addressed before this is pushed.

This update has been unpushed.

mooninite edited this update.

New build(s):

  • iptables-1.6.2-2.fc27

Removed build(s):

  • iptables-1.6.2-1.fc27

Karma has been reset.

2 years ago

This update has been submitted for testing by mooninite.

2 years ago

The startup race with iptables/ip6tables has been fixed. Please re-test this latest update.

This update has been pushed to testing.

2 years ago
bluepencil commented & provided feedback 2 years ago

Works fine in build 1.6.2-2

...except SELinux keeps preventing iptables from starting

bojan commented & provided feedback 2 years ago

It works here (-2), but I do have these extra SELinux policy rules in a local module:

allow iptables_t plymouthd_t:unix_stream_socket connectto;
allow iptables_t var_run_t:file { read lock open };

So, that should also be fixed, I guess. The above is based on denials I've seen in my audit.log over some time.

filiperosset commented & provided feedback 2 years ago

no regressions noted

selinux-policy-3.13.1-283.27.fc27.noarch
kernel-4.15.9-300.fc27.x86_64
iptables-1.6.2-2.fc27.x86_64

my workaround:

cat /etc/systemd/system/iptables.service.d/override.conf
[Service]
ExecStartPre=-/usr/libexec/iptables/iptables.init start
ExecStartPre=-/usr/sbin/restorecon /run/xtables.lock

systemctl status iptables
Process: 1741 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Process: 1740 ExecStartPre=/usr/sbin/restorecon -F /run/xtables.lock (code=exited, status=0/SUCCESS)
(!!!)
Process: 1714 ExecStartPre=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)

This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

2 years ago

installs fine

jayjayjazz commented & provided feedback 2 years ago

Works fine for me!

dandim commented & provided feedback 2 years ago

Works for me

robbinespu commented & provided feedback 2 years ago

worked

We need more noise on bug 1551463 in order to send this to stable. I'm unpushing this for now.

This update has been unpushed.

Can we split out the nftables/libnftnl updates on their own? There's a request to update them in https://bugzilla.redhat.com/show_bug.cgi?id=1565632

mooninite edited this update.

Removed build(s):

  • libnftnl-1.0.9-2.fc27
  • nftables-0.8.2-2.fc27

Karma has been reset.

2 years ago

This update has been submitted for testing by mooninite.

2 years ago

This update has been pushed to testing.

2 years ago

FYI: the latest selinux-policy should have fixed this. I'm pushing this out again.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

2 years ago

This update has been obsoleted by iptables-1.6.2-3.fc27.

2 years ago


Metadata
Type: bugfix
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Dates
submitted: 2 years ago
in testing: 2 years ago
modified: 2 years ago
BZ#1417323 iptables-1.6.2 is available