Bug#780738: netfilter-persistent: failure to shortcircuit on ipv6.disabled=1 results in "degraded" systemd system

Mon, 20 Apr 2015 16:30:28 -0700 

Package: netfilter-persistent
Version: 1.0.3
Followup-For: Bug #780738



-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages netfilter-persistent depends on:
ii  init-system-helpers  1.22
ii  lsb-base             4.1+Debian13+nmu1

netfilter-persistent recommends no packages.

netfilter-persistent suggests no packages.

-- no debconf information


If IPv6 is disabled, then netfilter-persistent should fail to attempt to load 
any rules.v6 file, regardless of their existence, because otherwise failures 
cascade into many other places.
(systemd believes it is in a degraded state due to service failure, needrestart 
fails to run from dpkg failures related...)

Please shortcircuit any IPv6 conditionals based upon /proc/sys/net/ipv6 
non-existence as recommended by original bug report.


    sdowdy-jessie-vm:~# cat /proc/cmdline
    BOOT_IMAGE=/boot/vmlinuz-3.16.0-4-amd64 
root=UUID=797c2b0f-fb63-4857-9b73-f67a9d4eed31 ro ipv6.disable=1
    
    sdowdy-jessie-vm:~# systemctl status netfilter-persistent
    * netfilter-persistent.service - netfilter persistent configuration
       Loaded: loaded (/lib/systemd/system/netfilter-persistent.service; 
enabled)
       Active: failed (Result: exit-code) since Mon 2015-04-20 16:58:50 MDT; 
56s ago
      Process: 20901 ExecStart=/usr/sbin/netfilter-persistent start 
(code=exited, status=1/FAILURE)
     Main PID: 20901 (code=exited, status=1/FAILURE)
    
    Apr 20 16:58:50 sdowdy-jessie-vm netfilter-persistent[20901]: run-parts: 
executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
    Apr 20 16:58:50 sdowdy-jessie-vm netfilter-persistent[20901]: run-parts: 
executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
    Apr 20 16:58:50 sdowdy-jessie-vm netfilter-persistent[20901]: run-parts: 
/usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 2
    Apr 20 16:58:50 sdowdy-jessie-vm systemd[1]: netfilter-persistent.service: 
main process exited, code=exited, status=1/FAILURE
    Apr 20 16:58:50 sdowdy-jessie-vm systemd[1]: Failed to start netfilter 
persistent configuration.
    Apr 20 16:58:50 sdowdy-jessie-vm systemd[1]: Unit 
netfilter-persistent.service entered failed state.
    
file /etc/iptables/rules.v6 accidentally created when not thinking in dpkg 
dialog during package updates by asking to save IPv6 rules.

    dowdy-jessie-vm:~# cat /etc/iptables/rules.v6
    # Generated by ip6tables-save v1.4.21 on Tue Dec  9 20:17:39 2014
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Tue Dec  9 20:17:39 2014
    
aptitude safe-upgrade with needrestart borks:
    needrestart is being skipped since dpkg has failed
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    Failed to perform requested operation on package.  Trying to recover:
    Setting up netfilter-persistent (1.0.3) ...
    update-rc.d: warning: start and stop actions are no longer supported; 
falling back to defaults
    Job for netfilter-persistent.service failed. See 'systemctl status 
netfilter-persistent.service' and 'journalctl -xn' for details.
    invoke-rc.d: initscript netfilter-persistent, action "start" failed.
    dpkg: error processing package netfilter-persistent (--configure):
     subprocess installed post-installation script returned error exit status 1
    dpkg: dependency problems prevent configuration of iptables-persistent:
     iptables-persistent depends on netfilter-persistent (= 1.0.3); however:
      Package netfilter-persistent is not configured yet.
    
    dpkg: error processing package iptables-persistent (--configure):
     dependency problems - leaving unconfigured
    Errors were encountered while processing:
     netfilter-persistent
     iptables-persistent
                                             
    Current status: 39 updates [-552].

    sdowdy-jessie-vm:~# systemctl is-system-running
    degraded

    sdowdy-jessie-vm:~# systemctl list-units --state=,failed, --no-legend
    netfilter-persistent.service loaded failed failed netfilter persistent 
configuration


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to