firewall: fix ZONE_CONFLICT when adding firewall interface to zone

Firewalld call addInterface() fails with ZONE_CONFLICT if the interface is already part of another zone. This complicates the code in NM, because we would have to keep better track of the zone in which the interface currently is. Which might be quite difficult because the zone might be changed from an external program (so we would have to monitor the firewall configuration and work around potential races). A better and simpler fix is to simply always use the changeZone() call. This will do the right thing, regardless if the interface is already part of a zone or not. https://bugzilla.redhat.com/show_bug.cgi?id=1103782 Signed-off-by: Thomas Haller <thaller@redhat.com>
author: Thomas Haller <thaller@redhat.com> 2014-06-03 08:58:20 +0200
committer: Thomas Haller <thaller@redhat.com> 2014-06-04 14:54:11 +0200
commit: c29388bf028d404066e46ea55abc4058abce4078 (patch)
tree: 20481f79704a97ab1cec87e29bc995857a670bf9
parent: c598336de8d5a257765bf415b87e2bb7a1140b7d (diff)
download: NetworkManager-c29388bf028d404066e46ea55abc4058abce4078.tar.gz
2 files changed, 4 insertions, 4 deletions
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 0cee808a27..c4fd15a12a 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -4010,7 +4010,7 @@ out:
 
 
 static void
-fw_add_to_zone_cb (GError *error, gpointer user_data)
+fw_change_zone_cb (GError *error, gpointer user_data)
 {
 	NMDevice *self = NM_DEVICE (user_data);
 	NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self);
@@ -4059,8 +4059,8 @@ nm_device_activate_schedule_stage3_ip_config_start (NMDevice *self)
 	priv->fw_call = nm_firewall_manager_add_or_change_zone (priv->fw_manager,
 	                                                        nm_device_get_ip_iface (self),
 	                                                        zone,
-	                                                        TRUE,
-	                                                        fw_add_to_zone_cb,
+	                                                        FALSE,
+	                                                        fw_change_zone_cb,
 	                                                        self);
 }
 
diff --git a/src/nm-policy.c b/src/nm-policy.c
index 90cb13af8e..c85f3217d3 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
@@ -1886,7 +1886,7 @@ firewall_started (NMFirewallManager *manager,
 			nm_firewall_manager_add_or_change_zone (priv->fw_manager,
 			                                        nm_device_get_ip_iface (dev),
 			                                        nm_setting_connection_get_zone (s_con),
-			                                        TRUE, /* add zone */
+			                                        FALSE, /* still change zone */
 			                                        add_or_change_zone_cb,
 			                                        g_object_ref (dev));
 		}
author	Thomas Haller <thaller@redhat.com>	2014-06-03 08:58:20 +0200
committer	Thomas Haller <thaller@redhat.com>	2014-06-04 14:54:11 +0200
commit	c29388bf028d404066e46ea55abc4058abce4078 (patch)
tree	20481f79704a97ab1cec87e29bc995857a670bf9
parent	c598336de8d5a257765bf415b87e2bb7a1140b7d (diff)
download	NetworkManager-c29388bf028d404066e46ea55abc4058abce4078.tar.gz