rpms / firewalld

Clone
Source Code
GIT

Blame SOURCES/0048-RHEL-only-default-to-CleanupModulesOnExit-yes.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c9 c9-beta
  1.   c8-beta
  2.   SOURCES
  3.   0048-RHEL-only-default-to-CleanupModulesOnExit-yes.patch
Blob History Raw
b8221b 
From 1aef58a8ff6d232cefcc6bd19ea63c0f071bfee3 Mon Sep 17 00:00:00 2001
b8221b 
From: Eric Garver <egarver@redhat.com>
b8221b 
Date: Mon, 20 Dec 2021 13:56:55 -0500
b8221b 
Subject: [PATCH 48/48] RHEL only: default to CleanupModulesOnExit=yes
b8221b
b8221b 
Resolves: rhbz1980206
b8221b 
---
b8221b 
 config/firewalld.conf              | 4 ++--
b8221b 
 doc/xml/firewalld.conf.xml         | 4 ++--
b8221b 
 src/firewall/config/__init__.py.in | 2 +-
b8221b 
 src/firewall/core/fw.py            | 2 ++
b8221b 
 src/tests/dbus/firewalld.conf.at   | 4 ++--
b8221b 
 5 files changed, 9 insertions(+), 7 deletions(-)
b8221b
b8221b 
diff --git a/config/firewalld.conf b/config/firewalld.conf
b8221b 
index 3abbc9c998c1..c387f87c28be 100644
b8221b 
--- a/config/firewalld.conf
b8221b 
+++ b/config/firewalld.conf
b8221b 
@@ -15,8 +15,8 @@ CleanupOnExit=yes
b8221b 
 # If set to yes or true the firewall related kernel modules will be
b8221b 
 # unloaded on exit or stop of firewalld. This might attempt to unload
b8221b 
 # modules not originally loaded by firewalld.
b8221b 
-# Default: no
b8221b 
-CleanupModulesOnExit=no
b8221b 
+# Default: yes
b8221b 
+CleanupModulesOnExit=yes
b8221b
b8221b 
 # Lockdown
b8221b 
 # If set to enabled, firewall changes with the D-Bus interface will be limited
b8221b 
diff --git a/doc/xml/firewalld.conf.xml b/doc/xml/firewalld.conf.xml
b8221b 
index dd6ffb214eb3..12d9f5fc563e 100644
b8221b 
--- a/doc/xml/firewalld.conf.xml
b8221b 
+++ b/doc/xml/firewalld.conf.xml
b8221b 
@@ -93,8 +93,8 @@
b8221b 
         <listitem>
b8221b 
           <para>
b8221b 
             Setting this option to yes or true unloads all firewall-related
b8221b 
-            kernel modules when firewalld is stopped. The default value is no
b8221b 
-            or false.
b8221b 
+            kernel modules when firewalld is stopped. The default value is yes
b8221b 
+            or true.
b8221b 
           </para>
b8221b 
         </listitem>
b8221b 
       </varlistentry>
b8221b 
diff --git a/src/firewall/config/__init__.py.in b/src/firewall/config/__init__.py.in
b8221b 
index 5d6d769fbf15..285e2f034b6b 100644
b8221b 
--- a/src/firewall/config/__init__.py.in
b8221b 
+++ b/src/firewall/config/__init__.py.in
b8221b 
@@ -125,7 +125,7 @@ FIREWALL_BACKEND_VALUES = [ "nftables", "iptables" ]
b8221b 
 FALLBACK_ZONE = "public"
b8221b 
 FALLBACK_MINIMAL_MARK = 100
b8221b 
 FALLBACK_CLEANUP_ON_EXIT = True
b8221b 
-FALLBACK_CLEANUP_MODULES_ON_EXIT = False
b8221b 
+FALLBACK_CLEANUP_MODULES_ON_EXIT = True
b8221b 
 FALLBACK_LOCKDOWN = False
b8221b 
 FALLBACK_IPV6_RPFILTER = True
b8221b 
 FALLBACK_INDIVIDUAL_CALLS = False
b8221b 
diff --git a/src/firewall/core/fw.py b/src/firewall/core/fw.py
b8221b 
index 4171697bdb94..5cef18b5f889 100644
b8221b 
--- a/src/firewall/core/fw.py
b8221b 
+++ b/src/firewall/core/fw.py
b8221b 
@@ -238,6 +238,8 @@ class Firewall(object):
b8221b 
                 value = self._firewalld_conf.get("CleanupModulesOnExit")
b8221b 
                 if value is not None and value.lower() in [ "yes", "true" ]:
b8221b 
                     self.cleanup_modules_on_exit = True
b8221b 
+                if value is not None and value.lower() in [ "no", "false" ]:
b8221b 
+                    self.cleanup_modules_on_exit = False
b8221b 
                 log.debug1("CleanupModulesOnExit is set to '%s'",
b8221b 
                            self.cleanup_modules_on_exit)
b8221b
b8221b 
diff --git a/src/tests/dbus/firewalld.conf.at b/src/tests/dbus/firewalld.conf.at
b8221b 
index 9a04a3bd491c..68832bca33bc 100644
b8221b 
--- a/src/tests/dbus/firewalld.conf.at
b8221b 
+++ b/src/tests/dbus/firewalld.conf.at
b8221b 
@@ -17,7 +17,7 @@ dnl Verify defaults over dbus. Should be inline with default firewalld.conf.
b8221b 
 DBUS_GETALL([config], [config], 0, [dnl
b8221b 
 string "AllowZoneDrifting" : variant string "no"
b8221b 
 string "AutomaticHelpers" : variant string "no"
b8221b 
-string "CleanupModulesOnExit" : variant string "no"
b8221b 
+string "CleanupModulesOnExit" : variant string "yes"
b8221b 
 string "CleanupOnExit" : variant string "no"
b8221b 
 string "DefaultZone" : variant string "public"
b8221b 
 string "FirewallBackend" : variant string "nftables"
b8221b 
@@ -46,7 +46,7 @@ _helper([IPv6_rpfilter], [string:"yes"], [variant string "yes"])
b8221b 
 _helper([IndividualCalls], [string:"yes"], [variant string "yes"])
b8221b 
 _helper([FirewallBackend], [string:"iptables"], [variant string "iptables"])
b8221b 
 _helper([FlushAllOnReload], [string:"no"], [variant string "no"])
b8221b 
-_helper([CleanupModulesOnExit], [string:"yes"], [variant string "yes"])
b8221b 
+_helper([CleanupModulesOnExit], [string:"no"], [variant string "no"])
b8221b 
 _helper([CleanupOnExit], [string:"yes"], [variant string "yes"])
b8221b 
 _helper([RFC3964_IPv4], [string:"no"], [variant string "no"])
b8221b 
 _helper([AllowZoneDrifting], [string:"yes"], [variant string "yes"])
b8221b 
--
b8221b 
2.31.1
b8221b

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation