Bug 727445

Summary:	YaST cannot determine firewall running status
Product:	[openSUSE] openSUSE 12.1	Reporter:	Mészáros Gyula <meszaros.gyula>
Component:	YaST2	Assignee:	Frederic Crozat <fcrozat>
Status:	RESOLVED FIXED	QA Contact:	Jiri Srain <jsrain>
Severity:	Major
Priority:	P5 - None	CC:	lnussel, locilka, ro
Version:	RC 1
Target Milestone:	---
Hardware:	x86-64
OS:	SUSE Other
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	YaST2 logs

Description Mészáros Gyula 2011-10-31 20:51:28 UTC

User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

YaST firewall setup allows to switch off the firewall in place. The firewall is switched off but the status displayed is still "running".

Reproducible: Always

Steps to Reproduce:
1. Start YaST firewall configuration.
2. Press "Stop firewall" button.

Actual Results:  
The firewall is actually stopped, but its status is still displayed as "running".

Expected Results:  
After stopping the firewall its status should be displayed so in YaST.

Comment 1 Lukas Ocilka 2011-11-01 14:48:08 UTC

Attach YaST logs, please.

http://en.opensuse.org/openSUSE:Report_a_YaST_bug#I_reported_a_YaST2_bug.2C_and_now_I_am_asked_to_.22attach_y2logs.22._What_does_that_mean.2C_and_how_do_I_do_that.3F

Comment 2 Mészáros Gyula 2011-11-01 15:13:29 UTC

Created attachment 459747 [details]
YaST2 logs

Comment 3 Lukas Ocilka 2011-11-02 12:21:37 UTC

To me it looks like some inconsistency between SuSEfirewall2_setup
and SuSEfirewall2:

# Checking SuSEfirewall2_setup status says firewall rules are active
linux-i58a:~ # /etc/init.d/SuSEfirewall2_setup status
SuSEfirewall2_setup.service - LSB: SuSEfirewall2 phase 2
          Loaded: loaded (/etc/init.d/SuSEfirewall2_setup)
          Active: active (exited) since Wed, 02 Nov 2011 11:15:47 +0100; 1h 57min ago
         Process: 5218 ExecStop=/etc/init.d/SuSEfirewall2_setup stop (code=exited, status=0/SUCCESS)
         Process: 5264 ExecStart=/etc/init.d/SuSEfirewall2_setup start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/SuSEfirewall2_setup.service

# Checking rcSuSEfirewall2 status says the same, active
linux-i58a:~ # rcSuSEfirewall2 status
SuSEfirewall2_setup.service - LSB: SuSEfirewall2 phase 2
          Loaded: loaded (/etc/init.d/SuSEfirewall2_setup)
          Active: active (exited) since Wed, 02 Nov 2011 11:15:47 +0100; 1h 57min ago
         Process: 5218 ExecStop=/etc/init.d/SuSEfirewall2_setup stop (code=exited, status=0/SUCCESS)
         Process: 5264 ExecStart=/etc/init.d/SuSEfirewall2_setup start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/SuSEfirewall2_setup.service

# Stopping SuSEfirewall2, successful
linux-i58a:~ # /sbin/SuSEfirewall2 stop
SuSEfirewall2: Firewall rules unloaded.

# But SuSEfirewall2_setup is still active
linux-i58a:~ # /etc/init.d/SuSEfirewall2_setup status
SuSEfirewall2_setup.service - LSB: SuSEfirewall2 phase 2
          Loaded: loaded (/etc/init.d/SuSEfirewall2_setup)
          Active: active (exited) since Wed, 02 Nov 2011 11:15:47 +0100; 1h 58min ago
         Process: 5218 ExecStop=/etc/init.d/SuSEfirewall2_setup stop (code=exited, status=0/SUCCESS)
         Process: 5264 ExecStart=/etc/init.d/SuSEfirewall2_setup start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/SuSEfirewall2_setup.service

# Checking firewall status: inactive
linux-i58a:~ # /sbin/SuSEfirewall2 status
SuSEfirewall2: SuSEfirewall2 not active

# Stopping SuSEfirewall2_setup, successful
linux-i58a:~ # /etc/init.d/SuSEfirewall2_setup stop

# Now the firewall status is: inactive
linux-i58a:~ # /sbin/SuSEfirewall2 status
SuSEfirewall2: SuSEfirewall2 not active

# Checking SuSEfirewall2_setup status: finally inactive
linux-i58a:~ # /etc/init.d/SuSEfirewall2_setup status
SuSEfirewall2_setup.service - LSB: SuSEfirewall2 phase 2
          Loaded: loaded (/etc/init.d/SuSEfirewall2_setup)
          Active: inactive (dead) since Wed, 02 Nov 2011 13:14:33 +0100; 9s ago
         Process: 14725 ExecStop=/etc/init.d/SuSEfirewall2_setup stop (code=exited, status=0/SUCCESS)
         Process: 5264 ExecStart=/etc/init.d/SuSEfirewall2_setup start (code=exited, status=0/SUCCESS)
          CGroup: name=systemd:/system/SuSEfirewall2_setup.service

Comment 4 Ludwig Nussel 2011-11-02 12:45:09 UTC

init scripts are wrapped through systemd

Comment 5 Frederic Crozat 2011-11-02 13:08:26 UTC

and there isn't many way to workaround that, except running :
cd /etc/init.d
./SuSEfirewall2_setup status 

or we need to add a "don't redirect me" environment variable to /etc/rc.status

Comment 6 Ludwig Nussel 2011-11-02 13:15:03 UTC

like this?

--- a/files/etc/rc.status
+++ b/files/etc/rc.status
@@ -33,7 +33,7 @@
 #
 
 # Check if the service is used under systemd but not started with
-if /bin/mountpoint -q /sys/fs/cgroup/systemd > /dev/null 2>&1 ; then
+if test -z "$SYSTEMD_NO_WRAP" && /bin/mountpoint -q /sys/fs/cgroup/systemd > /dev/null 2>&1 ; then
     if test $PPID -ne 1 -a $# -eq 1 ; then
        _rc_base=
        case "$0" in

Comment 7 Frederic Crozat 2011-11-02 13:26:22 UTC

yep, fine for me.

Comment 8 Bernhard Wiedemann 2011-11-02 14:00:22 UTC

This is an autogenerated message for OBS integration:
This bug (727445) was mentioned in
https://build.opensuse.org/request/show/89948 Factory / yast2

Comment 9 Ludwig Nussel 2011-11-02 16:00:04 UTC

It's really just a hack though as systemd's internal state still says running.

Comment 10 Bernhard Wiedemann 2011-11-02 16:00:11 UTC

This is an autogenerated message for OBS integration:
This bug (727445) was mentioned in
https://build.opensuse.org/request/show/89955 Factory / SuSEfirewall2
https://build.opensuse.org/request/show/89956 Factory / aaa_base

Comment 11 Mészáros Gyula 2011-11-06 22:49:14 UTC

It is the same in RC2.