[Bug 1203086] New: package virtualbox-websrv does not contain firewall service defination
https://bugzilla.suse.com/show_bug.cgi?id=1203086 Bug ID: 1203086 Summary: package virtualbox-websrv does not contain firewall service defination Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Other Assignee: virt-bugs@suse.de Reporter: simon.crute@grafana.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hi, The package virtualbox-websrv does not contain a firewalld service defination. This makes is very hard to allow traffic through the firewall using YaST. Using the following commands created the defination. ``` firewall-cmd --permanent --new-service=vboxweb firewall-cmd --permanent --service=vboxweb --set-description="service to remotly manage VirtualBox" firewall-cmd --permanent --add-port=18083/tcp --zone=internal --service=vboxweb firewall-cmd --permanent --set-short="vboxweb" --service=vboxweb ``` This created the file ``` cat /etc/firewalld/services/vboxweb.xml <?xml version="1.0" encoding="utf-8"?> <service> <short>vboxweb</short> <description>service to remotly manage VirtualBox</description> <port port="18083" protocol="tcp"/> </service> ``` I can't figure out how to submit this to the packaging system as an issue, so i thought I should log it here. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 Charles Arnold <carnold@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|virt-bugs@suse.de |Larry.Finger@gmail.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 https://bugzilla.suse.com/show_bug.cgi?id=1203086#c1 --- Comment #1 from Larry Finger <Larry.Finger@gmail.com> --- Packaging those 4 commands as a script and running it through a post install command should do it. A bigger problem is that websrv is not included in version 7.0.0_BETA1. I have not yet seen their changelog, and this may only be temporarily removed, but it may never be back. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 https://bugzilla.suse.com/show_bug.cgi?id=1203086#c2 --- Comment #2 from Simon Crute <simon.crute@grafana.com> --- I checked out their beta docs https://download.virtualbox.org/virtualbox/7.0.0_BETA1/UserManual.pdf and there's currently reference to it in the docs i section 9, and no mention in the changelogs. However, the changelog looks very very short for a major beta, so yeh. Who knows ! The SUSE packaging guidelines indicate dropping a service configuration file is a better approach. https://en.opensuse.org/Firewalld/RPM_Packaging -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 https://bugzilla.suse.com/show_bug.cgi?id=1203086#c3 --- Comment #3 from Larry Finger <Larry.Finger@gmail.com> --- In their announcement of beta 1, Oracle explicit stated that the changelog and user manual had not been updated, but that beta 2 would have that information. Now that we know that websrv has at least one user, we will ensure that our release of 7.0.0 will include it, no matter what Oracle does. I agree that opening the firewall should be a service. I think that the commands should drop the --permanent switch, and let the service routine open the firewall hole temporarily after the system enters multi-user mode. That way the hole will not be left open if the websrv package is removed. Although 6.1.38 has been released, and we are now testing it, we likely will not add this service until 7.0.0. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 https://bugzilla.suse.com/show_bug.cgi?id=1203086#c6 Larry Finger <Larry.Finger@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #6 from Larry Finger <Larry.Finger@gmail.com> --- Fixed in version 6.1.38, which is now in Tumbleweed, and submitted to Leap 15.3, 15.4, and 15.5. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 https://bugzilla.suse.com/show_bug.cgi?id=1203086#c7 --- Comment #7 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2022:10129-1: An update that solves two vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1201720,1203086,1203306,1203370 CVE References: CVE-2022-21554,CVE-2022-21571 JIRA References: Sources used: openSUSE Leap 15.3 (src): virtualbox-6.1.38-lp153.2.36.1, virtualbox-kmp-6.1.38-lp153.2.36.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1203086 https://bugzilla.suse.com/show_bug.cgi?id=1203086#c10 --- Comment #10 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2022:10152-1: An update that solves two vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1201720,1203086,1203306,1203370,1203735,1204019 CVE References: CVE-2022-21554,CVE-2022-21571 JIRA References: Sources used: openSUSE Leap 15.4 (src): virtualbox-6.1.38-lp154.2.15.1, virtualbox-kmp-6.1.38-lp154.2.15.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com