Mailinglist Archive: opensuse-bugs (5379 mails)

< Previous Next >
[Bug 610327] SuSEfirewall2 misses the service 'cups'
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 1 Jun 2010 12:35:06 +0000
  • Message-id: <20100601123506.E7BB224551D@xxxxxxxxxxxxxxxxxxxxxx>
http://bugzilla.novell.com/show_bug.cgi?id=610327

http://bugzilla.novell.com/show_bug.cgi?id=610327#c8


Johannes Meixner <jsmeix@xxxxxxxxxx> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |WONTFIX

--- Comment #8 from Johannes Meixner <jsmeix@xxxxxxxxxx> 2010-06-01 12:35:06
UTC ---
I can only reproduce it if I have a default
/etc/sysconfig/SuSEfirewall2 with the only change
FW_CONFIGURATIONS_EXT="cups"
but not with FW_CONFIGURATIONS_INT="cups".

Therefore I cannot reproduce what comment #2 reads.
I think "a clean 11.3 m6 install" did not mean
a 11.3 default installation from scratch.

With FW_CONFIGURATIONS_EXT="cups" but without a matching
/etc/sysconfig/SuSEfirewall2.d/services/cups I get:
---------------------------------------------------------------
root@host# rcSuSEfirewall2 start
Starting Firewall Initialization (phase 2 of 2)
SuSEfirewall2: Warning: config 'cups' not available
done
---------------------------------------------------------------

From my point of view everything is correct.
Usually there is no FW_CONFIGURATIONS_EXT="cups"
and then there is also no warning.
But in case of an update when FW_CONFIGURATIONS_EXT="cups"
was used, or in case of a new installation from scratch
where the use set FW_CONFIGURATIONS_EXT="cups" manually
(because in YaST it is correctly no longer available)
the warning is exactly what should be shown
to make the user aware of the incompatible change.

For openSUSE 11.3 there is an incompatible change
(FW_CONFIGURATIONS_...="cups" does no longer work)
which leads to some annoyance but I don't know a
solution which avoids the annoyance but is still
sufficiently secure because I will no longer provide
such a too easy invitation for normal users to set up
a security hole in the cups packages.

Furthermore the help texts in the YaST printer
and scanner modules regarding firewall have been
already updated and point to the URL
http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

For openSUSE 11.3 I close the issue as "wontfix"
(there is some annoyance but I don't know to avoid it).

For future openSUSE versions after 11.3 we may think about
how to enhace it according to comment #7 (but this is still
an incompatible change because FW_CONFIGURATIONS_EXT="cups"
will still no longer work - onyl FW_CONFIGURATIONS_INT="cups"
will then work).

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >