Your message dated Wed, 18 Dec 2019 17:04:15 +0000
with message-id <[email protected]>
and subject line Bug#945459: fixed in firewalld 0.8.0-1
has caused the Debian Bug report #945459,
regarding Daemon fails to start in container due to nf_conntrack permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
945459: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945459
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: firewalld
Version: 0.6.3-5
Severity: important
Tags: upstream
Dear Maintainer,
On Debian Buster, when the 'firewalld' package is installed in an unprivileged
LXC container, the daemon fails to start due to not being able to load the
'nf_conntrack' kernel module. This makes the 'firewalld' service unusable in
that environment. The problem is in the logic used by the 'firewalld' service
itself, not in the system configuration.
This issue is known upstream:
https://github.com/firewalld/firewalld/issues/519
The fix implemented upstream:
https://github.com/firewalld/firewalld/commit/cef1e52af87508f90ab541fb02464ab3a1410ec5
Since this is not a security issue, and the service works fine outside of the
restricted environment, I'm not sure if the fix can be implemented in the
'firewalld' package included in Debian Buster. Perhaps this could be used as
a good argument for providing the 'firewalld' package with the fix included
via the buster-backports repository.
Best Regards,
Maciej Delmanowski
-- System Information:
Debian Release: 10.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8),
LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages firewalld depends on:
ii dbus 1.12.16-1
ii gir1.2-glib-2.0 1.58.3-2
ii init-system-helpers 1.56+nmu1
ii iptables 1.8.2-4
ii policykit-1 0.105-25
ii python3 3.7.3-1
ii python3-dbus 1.2.8-3
ii python3-gi 3.30.4-1
pn python3-slip-dbus <none>
Versions of packages firewalld recommends:
pn ipset <none>
firewalld suggests no packages.
--- End Message ---
--- Begin Message ---
Source: firewalld
Source-Version: 0.8.0-1
We believe that the bug you reported is fixed in the latest version of
firewalld, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated firewalld package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Wed, 18 Dec 2019 17:43:19 +0100
Source: firewalld
Architecture: source
Version: 0.8.0-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Closes: 945459
Changes:
firewalld (0.8.0-1) unstable; urgency=medium
.
* New upstream version 0.8.0
- Make failures to load kernel modules non-fatal. (Closes: #945459)
* Use DEP-14 branch naming
* Drop obsolete Breaks/Replaces
* Bump Standards-Version to 4.4.1
* Drop obsolete configure flags
* Add dependency on python3-nftables.
The nftables backend is now using the JSON interface of libnftables
instead of calling the nft binary.
--- End Message ---
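The failure reported above and the 0.8.0 changelog entry "Make failures to load kernel modules non-fatal" describe one behaviour change. It is shown here as an added Python example that is not firewalld's code. The function names and the sample /proc contents are constructed for illustration. The uid_map test is a heuristic for "running inside a user namespace", where module loading is refused because it requires CAP_SYS_MODULE in the initial user namespace.

```python
import subprocess

# Constructed samples of /proc/self/uid_map and /proc/modules (not from the bug report).
HOST_UID_MAP = "         0          0 4294967295\n"
LXC_UID_MAP = "         0     100000      65536\n"
PROC_MODULES = "nf_conntrack 172032 1 nf_nat, Live 0x0000000000000000\n"

def in_user_namespace(uid_map: str) -> bool:
    """True unless uid_map is the identity map of the initial user namespace."""
    rows = [line.split() for line in uid_map.splitlines() if line.strip()]
    return rows != [["0", "0", "4294967295"]]

def loaded_modules(proc_modules: str) -> set:
    """Module names from /proc/modules text (first column); built-ins are not listed."""
    return {line.split()[0] for line in proc_modules.splitlines() if line.strip()}

def modprobe(name: str) -> bool:
    """Real loader: True when modprobe exits 0."""
    try:
        return subprocess.run(["modprobe", name], capture_output=True).returncode == 0
    except OSError:
        return False

def ensure_modules(wanted, proc_modules, uid_map, loader=modprobe):
    """Return (available, warnings) and never raise: a failed load is reported, not fatal."""
    present = loaded_modules(proc_modules)
    available, warnings = [], []
    for name in wanted:
        if name in present:
            available.append(name)  # the host kernel already has it loaded
        elif in_user_namespace(uid_map):
            warnings.append(f"{name}: not loaded and cannot be loaded from a user namespace")
        elif loader(name):
            available.append(name)
        else:
            warnings.append(f"{name}: modprobe failed, continuing without it")
    return available, warnings

if __name__ == "__main__":
    with open("/proc/modules") as m, open("/proc/self/uid_map") as u:
        print(ensure_modules(["nf_conntrack"], m.read(), u.read()))
```

In a container the practical remedy for a warning is to load the module on the host, since the container shares the host kernel.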