Summary: | net-firewall/nftables forcibly enables nftables-restore.service | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Mike Gilbert <floppym> |
Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | klondike, prometheanfire, systemd |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
To be sincere systemd is way out of my paygrade and that call was there when I first wrote the modern kernel patchset. Maybe prometheanfire knows why it is there.

Ya, I'm not sure why. Predates me. Fixed though.

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b4128863073b653d7060c4c12559d8c6061abcf

commit 1b4128863073b653d7060c4c12559d8c6061abcf
Author: Matthew Thode <prometheanfire@gentoo.org>
AuthorDate: 2019-01-28 15:24:06 +0000
Commit: Matthew Thode <prometheanfire@gentoo.org>
CommitDate: 2019-01-28 15:24:11 +0000

net-firewall/nftables: don't enable service by default

Fixes: https://bugs.gentoo.org/676290
Package-Manager: Portage-2.3.51, Repoman-2.3.12
Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>

net-firewall/nftables/nftables-0.9.0-r4.ebuild | 97 ++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
Every time I boot, I get this error:

nftables.sh[633]: /dev/stdin:1:1-14: Error: Could not process rule: Operation not supported
systemd[1]: nftables-restore.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: nftables-restore.service: Failed with result 'exit-code'.
systemd[1]: Failed to start Store and restore nftables firewall rules.

I never enabled nftables-restore.service, so it should not be running in the first place.

The ebuild does this:

> systemd_enable_service basic.target ${PN}-restore.service

This creates a symlink in /lib/systemd/system/basic.target.wants/. It is not possible for the sysadmin to disable this unless they mask the unit.

This systemd_enable_service call should be removed from the nftables ebuild. Possibly a pkg_postinst message or a news item should be created to warn users to enable the service themselves.

In fact, the function should be removed from the eclass altogether; I can't think of an appropriate use for it.
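An audit for the condition described in this report, added here as an example and not taken from the bug, the ebuild or the eclass: it lists every unit that is pulled in by a symlink shipped in a vendor `*.wants/` or `*.requires/` directory and says whether the administrator has masked it. The function name `list_vendor_enabled` and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Gentoo code). Lists units enabled from the vendor unit
# directories, where "systemctl disable" has no effect because it only removes
# symlinks under /etc/systemd/system.
# Output, one unit per line: <unit> <wants-or-requires directory> <active|masked>

# list_vendor_enabled [ROOT]
# ROOT is a hypothetical parameter: an alternate filesystem root (a staged
# image or a test tree). Empty means the running system.
list_vendor_enabled() {
    root=${1:-}
    for base in lib/systemd/system usr/lib/systemd/system; do
        dir="$root/$base"
        [ -d "$dir" ] || continue
        for link in "$dir"/*.wants/* "$dir"/*.requires/*; do
            # An unmatched glob stays literal and fails this test.
            [ -L "$link" ] || continue
            unit=${link##*/}
            parent=${link%/*}
            parent=${parent##*/}
            # "systemctl mask" links /etc/systemd/system/<unit> to /dev/null.
            # Runtime masks under /run are not checked here.
            state=active
            mask="$root/etc/systemd/system/$unit"
            if [ -L "$mask" ] && [ "$(readlink "$mask")" = /dev/null ]; then
                state=masked
            fi
            printf '%s %s %s\n' "$unit" "$parent" "$state"
        done
    done | sort -u   # /lib may be a symlink to /usr/lib; drop duplicate rows
}

# Run against the root given as the first argument, or the live system.
list_vendor_enabled "${1:-}"
```

The output also includes units that upstream systemd itself ships statically enabled, so check which package owns each symlink (for example with `equery belongs` or `qfile`) before treating an entry as unexpected.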