From 87ecae78c07da6db1faa18504b06345ab3ba51a0 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Mon, 9 Jul 2018 11:29:33 -0400
Subject: [PATCH 01/22] RHEL only: Add cockpit by default to some zones

Fixes: #1581578
---
 config/zones/home.xml     |  1 +
 config/zones/internal.xml |  1 +
 config/zones/public.xml   |  1 +
 config/zones/work.xml     |  1 +
 src/tests/functions.at    | 19 +++++++++++++++++++
 5 files changed, 23 insertions(+)

diff --git a/config/zones/home.xml b/config/zones/home.xml
index 42b29b2f2d50..8aa8afa0e8aa 100644
--- a/config/zones/home.xml
+++ b/config/zones/home.xml
@@ -6,4 +6,5 @@
   <service name="mdns"/>
   <service name="samba-client"/>
   <service name="dhcpv6-client"/>
+  <service name="cockpit"/>
 </zone>
diff --git a/config/zones/internal.xml b/config/zones/internal.xml
index e646b48c94e8..40cb7e14424b 100644
--- a/config/zones/internal.xml
+++ b/config/zones/internal.xml
@@ -6,4 +6,5 @@
   <service name="mdns"/>
   <service name="samba-client"/>
   <service name="dhcpv6-client"/>
+  <service name="cockpit"/>
 </zone>
diff --git a/config/zones/public.xml b/config/zones/public.xml
index 49795d8c9068..617e131a4895 100644
--- a/config/zones/public.xml
+++ b/config/zones/public.xml
@@ -4,4 +4,5 @@
   <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
   <service name="ssh"/>
   <service name="dhcpv6-client"/>
+  <service name="cockpit"/>
 </zone>
diff --git a/config/zones/work.xml b/config/zones/work.xml
index 6ea5550a40bd..9609ee6f65c2 100644
--- a/config/zones/work.xml
+++ b/config/zones/work.xml
@@ -4,4 +4,5 @@
   <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
   <service name="ssh"/>
   <service name="dhcpv6-client"/>
+  <service name="cockpit"/>
 </zone>
diff --git a/src/tests/functions.at b/src/tests/functions.at
index 582fdcc19314..6b1263b178dc 100644
--- a/src/tests/functions.at
+++ b/src/tests/functions.at
@@ -105,6 +105,13 @@ m4_define([FWD_START_TEST], [
 
     m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [
         AT_KEYWORDS(offline)
+        dnl cockpit is added by default downstream, but upstream tests don't expect
+        dnl it. Simply remove it at the start of every test.
+        dnl
+        FWD_OFFLINE_CHECK([--zone home --remove-service-from-zone cockpit], 0, [ignore])
+        FWD_OFFLINE_CHECK([--zone internal --remove-service-from-zone cockpit], 0, [ignore])
+        FWD_OFFLINE_CHECK([--zone public --remove-service-from-zone cockpit], 0, [ignore])
+        FWD_OFFLINE_CHECK([--zone work --remove-service-from-zone cockpit], 0, [ignore])
     ], [
         m4_define_default([FIREWALL_BACKEND], [nftables])
 
@@ -226,6 +233,18 @@ m4_define([FWD_START_TEST], [
         ])
 
         FWD_START_FIREWALLD
+
+        dnl cockpit is added by default downstream, but upstream tests don't expect
+        dnl it. Simply remove it at the start of every test.
+        dnl
+        FWD_CHECK([--permanent --zone home --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([            --zone home --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([--permanent --zone internal --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([            --zone internal --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([--permanent --zone public --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([            --zone public --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([--permanent --zone work --remove-service cockpit], 0, [ignore])
+        FWD_CHECK([            --zone work --remove-service cockpit], 0, [ignore])
     ])
 ])
 
-- 
2.27.0