Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 540110 - net-firewall/firewalld: Add a check for required kernel options
Summary: net-firewall/firewalld: Add a check for required kernel options
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Virtualization Team
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2015-02-15 05:19 UTC by dE
Modified: 2018-10-18 05:20 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description dE 2015-02-15 05:19:28 UTC
Otherwise firewalld fails to run.

Required -- 

NF_CONNTRACK_IPV6 NETFILTER_XT_MATCH_CONNTRACK

Reproducible: Always
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2015-02-15 08:42:17 UTC
1) Please post your `emerge --info net-firewall/firewalld' output in a comment.
2) Please post the entire command and its output, showing how it fails.
Comment 2 dE 2015-09-17 09:26:13 UTC
Portage 2.2.20 (python 2.7.9-final-0, default/linux/amd64/13.0/desktop/kde, gcc-4.9.3, glibc-2.20-r2, 3.17.1-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-3.17.1-gentoo-x86_64-Intel-R-_Core-TM-_i3-2120_CPU_@_3.30GHz-with-gentoo-2.2
KiB Mem:     8117864 total,   6377060 free
KiB Swap:   18874364 total,  18874364 free
Timestamp of repository gentoo: Sat, 12 Sep 2015 03:30:01 +0000
sh bash 4.3_p39
ld GNU ld (Gentoo 2.24 p1.4) 2.24
ccache version 3.1.9 [enabled]
app-shells/bash:          4.3_p39::gentoo
dev-java/java-config:     2.2.0::gentoo
dev-lang/perl:            5.20.2::gentoo
dev-lang/python:          2.7.9-r1::gentoo, 3.4.1::gentoo
dev-util/ccache:          3.1.9-r4::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.17::gentoo
sys-apps/sandbox:         2.6-r1::gentoo
sys-devel/autoconf:       2.69::gentoo
sys-devel/automake:       1.15::gentoo
sys-devel/binutils:       2.24-r3::gentoo
sys-devel/gcc:            4.9.3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 3.17-r1::gentoo (virtual/os-headers)
sys-libs/glibc:           2.20-r2::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000

my-tree
    location: /home/de/dev-tree
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -fomit-frame-pointer -floop-interchange -floop-strip-mine -floop-block -fgraphite-identity -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"
CXXFLAGS="-march=native -O2 -fomit-frame-pointer -floop-interchange -floop-strip-mine -floop-block -fgraphite-identity -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps=n --complete-graph --binpkg-respect-use=y"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs binpkg-multi-instance candy ccache config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp"
USE="X a52 a53 aac aalib acc acpi adns alsa amd64 amr atm audiofile branding bzip2 cdda cdr cli consolekit cracklib css custom-cflags custom-optimization dbus dbx declarative dga dirac dri dts dv dvd dvdr emboss encode enscript exif faad ffmpeg firefox flac fortran gdu gif glamor glut gmp gsm gstreamer gzip iconv imlib ipc jit jpeg jpeg2k kde ladspa lame lcms libedit libnotify libsamplerate libwww lzma lzo mad matroska matrox mikmod mime minimal mmap mmx mmxext mng modules mozilla mp3 mp4 mpeg mplayer mudflap multilib musepack networkmanager nntp nocd nptl nptlonly nsplugin offensive ogg openal openexr opengl openmp optimization orc osc pam pango pdf phonon pie plasma png policykit posix ppds pppd qt3support qt4 quicktime raw readline schroedinger seccomp sharedmem shorten smp sndfile sockets socks5 speex spell sse sse2 sse3 sse4 sse4_1 sse4_2 ssse3 startup-notification strong-optimization svg symlink sysfs systemd taglib theora threads tiff toolame truetype twolame udev udisks unicode unixd upower usb vaapi vcd vhosts vorbis wavpack win32codecs wmf wxwidgets x264 xcb xcomposite xine xinerama xml xorg xpm xv xvid xvmc zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="unixd authn_core authz_core cgi cgid alias" APACHE2_MPMS="event" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="ssse3 sse3 sse4_1 sse4_2 mmx sse avx mmx sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="nlpsolver pdfimport" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_4" QEMU_SOFTMMU_TARGETS="x86_64" RUBY_TARGETS="ruby20 ruby21" USERLAND="GNU" VIDEO_CARDS="intel i965 i915" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

=================================================================
                        Package Settings
=================================================================

net-firewall/firewalld-0.3.13::gentoo was built with the following:
USE="-gui" ABI_X86="64" PYTHON_TARGETS="python2_7 python3_4 -python3_3"
Comment 3 dE 2015-09-17 09:29:41 UTC
In fact it should check for firewall in the 1st place.

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib64/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

Sep 17 14:55:00 desktopminer systemd[1]: Starting firewalld - dynamic firewall daemon...
Sep 17 14:55:00 desktopminer systemd[1]: Started firewalld - dynamic firewall daemon.
Sep 17 14:55:00 desktopminer firewalld[32340]: 2015-09-17 14:55:00 ERROR: ebtables not usable, disabling ethernet bridge firewall.
Sep 17 14:55:00 desktopminer firewalld[32340]: 2015-09-17 14:55:00 FATAL ERROR: No IPv4 and IPv6 firewall.
Sep 17 14:55:00 desktopminer firewalld[32340]: 2015-09-17 14:55:00 ERROR: Raising SystemExit in run_server

I'll just enable netfilter and show the output.
Comment 4 Matthias Maier gentoo-dev 2016-05-31 22:15:58 UTC
Yes indeed,

we currently do not do any checks for necessary kernel configuration options.

We should fix that at some point :-)
Comment 5 Larry the Git Cow gentoo-dev 2018-10-18 05:20:25 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9475fd2b16b650273ca215b4b88b08f7f3856d96

commit 9475fd2b16b650273ca215b4b88b08f7f3856d96
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2018-10-18 04:50:47 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2018-10-18 05:19:24 +0000

    net-firewall/firewalld: Version bump to 0.6.3
    
    Handle a bunch of overdue changes at the same time:
            - Depend on net-firewall/nftables (see upstream commit 7fc4b6cfb52c)
            - Switch to python-single-r1 (see upstream commit 6d5c0c61fe04)
            - Check for required kernel options (bug 540110)
            - Update OpenRC init file (bug 654706)
    
    Closes: https://github.com/gentoo/gentoo/pull/10033
    Closes: https://bugs.gentoo.org/540110
    Closes: https://bugs.gentoo.org/654706
    Closes: https://bugs.gentoo.org/662314
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-firewall/firewalld/Manifest               |   1 +
 net-firewall/firewalld/files/firewalld.init   |   4 +-
 net-firewall/firewalld/firewalld-0.6.3.ebuild | 100 ++++++++++++++++++++++++++
 3 files changed, 103 insertions(+), 2 deletions(-)