|
 |
bdce9f |
From 174b42b2943200a7b2ec2dab6c3445158aa04aba Mon Sep 17 00:00:00 2001
|
|
|
bdce9f |
From: Eric Garver <egarver@redhat.com>
|
|
|
bdce9f |
Date: Tue, 25 May 2021 13:31:41 -0400
|
|
|
bdce9f |
Subject: [PATCH] RHEL only: Add cockpit by default to some zones
|
|
|
bdce9f |
|
|
|
bdce9f |
Fixes: #1581578
|
|
|
bdce9f |
---
|
|
|
bdce9f |
config/zones/home.xml | 1 +
|
|
|
bdce9f |
config/zones/internal.xml | 1 +
|
|
|
bdce9f |
config/zones/public.xml | 1 +
|
|
|
bdce9f |
config/zones/work.xml | 1 +
|
|
|
bdce9f |
src/tests/functions.at | 20 ++++++++++++++++++++
|
|
|
bdce9f |
5 files changed, 24 insertions(+)
|
|
|
bdce9f |
|
|
|
bdce9f |
diff --git a/config/zones/home.xml b/config/zones/home.xml
|
|
|
bdce9f |
index d73c9bdb16b6..33064688367e 100644
|
|
|
bdce9f |
--- a/config/zones/home.xml
|
|
|
bdce9f |
+++ b/config/zones/home.xml
|
|
|
bdce9f |
@@ -6,5 +6,6 @@
|
|
|
bdce9f |
<service name="mdns"/>
|
|
|
bdce9f |
<service name="samba-client"/>
|
|
|
bdce9f |
<service name="dhcpv6-client"/>
|
|
|
bdce9f |
+ <service name="cockpit"/>
|
|
|
bdce9f |
<forward/>
|
|
|
bdce9f |
</zone>
|
|
|
bdce9f |
diff --git a/config/zones/internal.xml b/config/zones/internal.xml
|
|
|
bdce9f |
index 053c18ccda8b..852b16ad94dd 100644
|
|
|
bdce9f |
--- a/config/zones/internal.xml
|
|
|
bdce9f |
+++ b/config/zones/internal.xml
|
|
|
bdce9f |
@@ -6,5 +6,6 @@
|
|
|
bdce9f |
<service name="mdns"/>
|
|
|
bdce9f |
<service name="samba-client"/>
|
|
|
bdce9f |
<service name="dhcpv6-client"/>
|
|
|
bdce9f |
+ <service name="cockpit"/>
|
|
|
bdce9f |
<forward/>
|
|
|
bdce9f |
</zone>
|
|
|
bdce9f |
diff --git a/config/zones/public.xml b/config/zones/public.xml
|
|
|
bdce9f |
index 49fc4c20af52..62bc751de448 100644
|
|
|
bdce9f |
--- a/config/zones/public.xml
|
|
|
bdce9f |
+++ b/config/zones/public.xml
|
|
|
bdce9f |
@@ -4,5 +4,6 @@
|
|
|
bdce9f |
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
|
|
|
bdce9f |
<service name="ssh"/>
|
|
|
bdce9f |
<service name="dhcpv6-client"/>
|
|
|
bdce9f |
+ <service name="cockpit"/>
|
|
|
bdce9f |
<forward/>
|
|
|
bdce9f |
</zone>
|
|
|
bdce9f |
diff --git a/config/zones/work.xml b/config/zones/work.xml
|
|
|
bdce9f |
index f1a14a9b4682..27b54a7783c4 100644
|
|
|
bdce9f |
--- a/config/zones/work.xml
|
|
|
bdce9f |
+++ b/config/zones/work.xml
|
|
|
bdce9f |
@@ -4,5 +4,6 @@
|
|
|
bdce9f |
<description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
|
|
|
bdce9f |
<service name="ssh"/>
|
|
|
bdce9f |
<service name="dhcpv6-client"/>
|
|
|
bdce9f |
+ <service name="cockpit"/>
|
|
|
bdce9f |
<forward/>
|
|
|
bdce9f |
</zone>
|
|
|
bdce9f |
diff --git a/src/tests/functions.at b/src/tests/functions.at
|
|
|
bdce9f |
index 3f343ef49de1..c950a3c7a1a6 100644
|
|
|
bdce9f |
--- a/src/tests/functions.at
|
|
|
bdce9f |
+++ b/src/tests/functions.at
|
|
|
bdce9f |
@@ -106,6 +106,14 @@ m4_define([FWD_START_TEST], [
|
|
|
bdce9f |
fi
|
|
|
bdce9f |
|
|
|
bdce9f |
m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [
|
|
|
bdce9f |
+ AT_KEYWORDS(offline)
|
|
|
bdce9f |
+ dnl cockpit is added by default downstream, but upstream tests don't expect
|
|
|
bdce9f |
+ dnl it. Simply remove it at the start of every test.
|
|
|
bdce9f |
+ dnl
|
|
|
bdce9f |
+ FWD_OFFLINE_CHECK([--zone home --remove-service-from-zone cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_OFFLINE_CHECK([--zone internal --remove-service-from-zone cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_OFFLINE_CHECK([--zone public --remove-service-from-zone cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_OFFLINE_CHECK([--zone work --remove-service-from-zone cockpit], 0, [ignore])
|
|
|
bdce9f |
], [
|
|
|
bdce9f |
dnl set the appropriate backend
|
|
|
bdce9f |
AT_CHECK([sed -i 's/^FirewallBackend.*/FirewallBackend=FIREWALL_BACKEND/' ./firewalld.conf])
|
|
|
bdce9f |
@@ -237,6 +245,18 @@ m4_define([FWD_START_TEST], [
|
|
|
bdce9f |
])
|
|
|
bdce9f |
|
|
|
bdce9f |
FWD_START_FIREWALLD
|
|
|
bdce9f |
+
|
|
|
bdce9f |
+ dnl cockpit is added by default downstream, but upstream tests don't expect
|
|
|
bdce9f |
+ dnl it. Simply remove it at the start of every test.
|
|
|
bdce9f |
+ dnl
|
|
|
bdce9f |
+ FWD_CHECK([--permanent --zone home --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([ --zone home --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([--permanent --zone internal --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([ --zone internal --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([--permanent --zone public --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([ --zone public --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([--permanent --zone work --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
+ FWD_CHECK([ --zone work --remove-service cockpit], 0, [ignore])
|
|
|
bdce9f |
])
|
|
|
bdce9f |
])
|
|
|
bdce9f |
|
|
|
bdce9f |
--
|
|
|
bdce9f |
2.27.0
|
|
|
bdce9f |
|