[Bug 732884] New: firewall activation during install(default) causes firewall deactivation with install finishing - user do not see that!
https://bugzilla.novell.com/show_bug.cgi?id=732884 https://bugzilla.novell.com/show_bug.cgi?id=732884#c0 Summary: firewall activation during install(default) causes firewall deactivation with install finishing - user do not see that! Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: melchiaros@aol.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=464186) --> (http://bugzilla.novell.com/attachment.cgi?id=464186) yast2, message, warn, zypper User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 I´ve tried it with two independent openSUSE12.1 final 64bit installations: The firewall is set to active during installation by default, but: In the finished installation the firewall is in fact !deactivated!!! -> instead of the default firewall activation setting in the install system(which I have not changed). A user have to manually check thatover the yast2 firewall module and have to activate it manually for the session and also have to activate the firewall start by system start. -> Both has to be done when the firewall activation is set by the installation system! Reproducible: Always Steps to Reproduce: 1.start the openSUSE12.1 final 64bit installation from the full4.7GB DVD 2.Do the default installation of the sytem(I have switched off the seperate home partition) 3.See in the final summary dialog that firewall is set to active by default and let it be like this. 4.Finish the installation and wait for the first start of the system. 5.After the first start of the system call yast2 -> firewall 6.See in the yast2 firewall module that the firewall is not active and also not starting with system start! -> that is the opposite of what the user has chosen!!! Actual Results: Not working firewall after install by activating firewall during installation. -> the opposite behavior of what is chosen in the installation system. Expected Results: The firewall should behave like it is set in the installation dailog. -> By default the firewall should start, when it is set to start during installation( and by default. There are tree thinks to say about that(see it as personal comment): 1.I remember that such a problem was also there in openSUSE11.4 and may be 11.3(and may be before ; do not remember for that). -> When a failure occurs regularly there should be a point in the shipping procedure during development cycle that point on checks for that. 2.I have as standard some server(also apache) installed. Just for figuring arround. To have it quick there when I just need it, so that I do not spend extra time it such moments for installing and enabling. -> I be sure that much other handle it like this. 3.You should think about your packager. A local installation of obs has a working apache server in it´s dependence as far as I remember -> It would be not so greatfull when passwords for the official obs would get lost or spec files would get manipulated that would later find their way unrecognized of the manipulation with upload to the official obs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c2
--- Comment #2 from melchiaros melchiaros
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c3
--- Comment #3 from melchiaros melchiaros
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c
Martin Vidner
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c4
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c5
Charles Arnold
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c6
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c7
--- Comment #7 from Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c
Charles Arnold
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c8
Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c9
Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c10
--- Comment #10 from Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c11
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c12
--- Comment #12 from Olaf Hering
Other installation (not using Xen) didn't suffer from this issue.
Yes, thats whats mentioned in the initial comments.
Why I think it's caused by Xen is this log entry: --- cut --- Enabling service SuSEfirewall2_init insserv: Service syslog is missed in the runlevels 4 to use service xenstored Note: This output shows SysV services only and does not include native systemd services. SysV configuration data might be overridden by native systemd configuration. --- cut --- summarized in comment #4
This insserv output is just a warning.
If you still have issues with patched system, please provide YaST logs and
I use the official iso image, so I can eventually reproduce the bug. But so far it does not happen for me. I will try it on bare hardware later this week. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c13
--- Comment #13 from Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c14
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c15
--- Comment #15 from Olaf Hering
YaST logs would definitely help with debugging :)))
I was not able to reproduce it with native hardware, but it did happen in a hyper-v guest for some reason. I will reproduce it once more and attach logs from that host. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c16
Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c
Olaf Hering
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c17
Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c18
--- Comment #18 from Olaf Hering
For some reason, YaST Network has disabled the Firewall
Is this also the case in the logs from the initial report? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c19
--- Comment #19 from Lukas Ocilka
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c20
Markus Abt
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c21
Martin Vidner
https://bugzilla.novell.com/show_bug.cgi?id=732884
https://bugzilla.novell.com/show_bug.cgi?id=732884#c22
Michal Filka
participants (1)
-
bugzilla_noreply@novell.com