https://bugzilla.novell.com/show_bug.cgi?id=855942

https://bugzilla.novell.com/show_bug.cgi?id=855942#c0

Summary: security:netfilter/shorewall: Bug: remote SUBSYSLOCK dir/file not created @ local compile+export
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: 3rd party software
AssignedTo: toganm@dinamizm.com
ReportedBy: ar16@imapmail.org
QAContact: opensuse-communityscreening@forge.provo.novell.com
Found By: Community User
Blocker: ---

I'm running a central Shorewall admin box, compiling for export to a remote box.

Current config @ remote

    lsb_release -rd
        Description: openSUSE 13.1 (Bottle) (x86_64)
        Release: 13.1

    rpm -qa shorewall\*
        shorewall-core-4.5.21.4-113.1.noarch
        shorewall-lite-4.5.21.4-113.1.noarch

    ls -al `which shorewall`
        lrwxrwxrwx 1 root root 24 Dec 16 20:33 /usr/sbin/shorewall -> /usr/sbin/shorewall-lite*

    shorewall version
        4.5.21.4

Current config @ local

    lsb_release -rd
        Description: openSUSE 12.3 (x86_64)
        Release: 12.3

    rpm -qa shorewall\*
        shorewall-4.5.21.4-112.1.noarch
        shorewall-init-4.5.21.4-112.1.noarch
        shorewall-core-4.5.21.4-112.1.noarch

    shorewall version
        4.5.21.4

When I compile locally for export, the SUBSYSLOCK file's missing & not created @ remote,

    shorewall load remote.dom
        ...
        Running /usr/sbin/iptables-restore...
        IPv4 Forwarding Enabled
        Processing start user exit ...
        Processing started user exit ...
        touch: cannot touch ‘/var/lock/subsys/shorewall’: No such file or directory
        done.
        System remote.dom loaded

Checking docs @ http://www.shorewall.net/manpages/shorewall.conf.html

    SUBSYSLOCK=[pathname]
        This parameter should be set to the name of a file that the
        firewall should create if it starts successfully and remove when
        it stops. Creating and removing this file allows Shorewall to work
        with your distribution's initscripts. For RedHat and OpenSuSE, this
        should be set to /var/lock/subsys/shorewall. For Debian, the value
        is /var/lock/shorewall and in LEAF it is /var/run/shorewall.

& checking locally,

    grep SUBSYSLOCK ./shorewall.conf
        SUBSYSLOCK=/var/lock/subsys/shorewall

If I manually create the dir & touch the file @ remote,

    mkdir -p /var/lock/subsys
    touch /var/lock/subsys/shorewall

then re-exec the compile for export, there's no more problem

    shorewall load remote.dom
        ...
        Running /usr/sbin/iptables-restore...
        IPv4 Forwarding Enabled
        Processing start user exit ...
        Processing started user exit ...
        done.
        System remote.dom loaded

After a reboot of the remote

    ls -al /var/lock/subsys
        ls: cannot access /var/lock/subsys: No such file or directory

neither the lock file, nor its parent dir, exist

if the SUBSYSLOCK lockfile/dir do not exist @ time of export-driven fw exec, the file+dir should be created by the export script at the location correct for & specific to opensuse
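
The touch failure in the report happens because the parent directory of the SUBSYSLOCK path is absent when the lock file is created. The following shell functions are an added example, not part of the original report and not Shorewall's own code; they read SUBSYSLOCK from a shorewall.conf-style file and create the parent directory before touching the file. The function names, the ROOT prefix argument and the handling of an empty SUBSYSLOCK value are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Shorewall code): make sure the SUBSYSLOCK file named in a
# shorewall.conf-style file can be created even when its parent directory is
# missing, which is the state the report shows on the remote after a reboot.

# Print the value of the last SUBSYSLOCK= line in config file $1.
# Commented-out lines are skipped; trailing comments and quotes are stripped.
read_subsyslock() {
    sed -n 's/^[[:space:]]*SUBSYSLOCK=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# ensure_subsyslock CONF [ROOT]
# ROOT is a hypothetical prefix used only so the function can be tried in a
# scratch directory; leave it empty on a real system.
ensure_subsyslock() {
    conf=$1 root=${2:-}
    lock=$(read_subsyslock "$conf") || return 1
    # Assumption: an empty or absent SUBSYSLOCK means no lock file is wanted.
    [ -n "$lock" ] || return 0
    case $lock in
        /*) ;;
        *) echo "SUBSYSLOCK must be an absolute path: $lock" >&2; return 2 ;;
    esac
    dir=$root$(dirname "$lock")
    # The step missing in the report: create the parent directory first.
    [ -d "$dir" ] || mkdir -p -m 0755 "$dir" || return 1
    touch "$root$lock"
}

# Constructed demo: a scratch directory stands in for the remote's "/".
demo() {
    scratch=$(mktemp -d) || return 1
    printf 'SUBSYSLOCK=/var/lock/subsys/shorewall\n' > "$scratch/shorewall.conf"
    ensure_subsyslock "$scratch/shorewall.conf" "$scratch" &&
        ls -l "$scratch/var/lock/subsys/shorewall"
    rm -rf "$scratch"
}
demo
```

Because the report shows /var/lock/subsys gone again after a reboot, a check like this has to run on every start rather than once at install time.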