diff options
| author | Thomas Haller <thaller@redhat.com> | 2017-04-21 11:56:28 +0200 |
|---|---|---|
| committer | Thomas Haller <thaller@redhat.com> | 2017-04-21 13:38:21 +0200 |
| commit | cc1d409ba886e8e7c33f845790cfc700fcd2d854 (patch) | |
| tree | 49b5b48cb23cfa3082ba1e6afbe2442f693815d4 | |
| parent | 8583e62276a23a7ea858edf6c71d122e22f41955 (diff) | |
| download | NetworkManager-cc1d409ba886e8e7c33f845790cfc700fcd2d854.tar.gz | |
dbus: allow firewalld to communicate with NetworkManager
Usually, this "<allow send_destination="..."/>" part is shipped
by firewalld's D-Bus policy. However, if firewalld is initially
not installed with NetworkManager already running, dbus-daemon
seems to cache the missing permission for the D-Bus connection.
As a result, when installing and starting firewalld, NetworkManager
requests fail until restart:
firewall: [0x7f4b83643890,change:"eth1"]: complete: request failed (Rejected send message, 1 matched rules; type="method_call", sender=":1.3" (uid=0 pid=715 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.fedoraproject.FirewallD1.zone" member="changeZone" error name="(unset)" requested_reply="0" destination=":1.25" (uid=0 pid=1243 comm="/usr/bin/python -Es /usr/sbin/firewalld --nofork -"))
https://bugzilla.redhat.com/show_bug.cgi?id=1436770
| -rw-r--r-- | src/org.freedesktop.NetworkManager.conf | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/org.freedesktop.NetworkManager.conf b/src/org.freedesktop.NetworkManager.conf index e4d1b78ba6..6be1feb68e 100644 --- a/src/org.freedesktop.NetworkManager.conf +++ b/src/org.freedesktop.NetworkManager.conf @@ -27,6 +27,8 @@ <allow send_destination="org.freedesktop.NetworkManager.strongswan"/> <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> + <allow send_destination="org.fedoraproject.FirewallD1"/> + <!-- Allow the custom name for the dnsmasq instance spawned by NM from the dns dnsmasq plugin to own it's dbus name, and for messages to be sent to it. |