Bug 1197911 - firewalld Error when booting
firewalld Error when booting
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Leap 15.3
x86-64 openSUSE Leap 15.3
: P5 - None : Normal with 3 votes (vote)
: ---
Assigned To: Marcus Meissner
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-04-01 09:13 UTC by Donald Curtis
Modified: 2022-07-28 08:36 UTC (History)
8 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Donald Curtis 2022-04-01 09:13:15 UTC
During boot, the Firewall daemon logs the following in the systemd Journal -

[    8.848736] systemd[1]: Starting firewalld - dynamic firewall daemon...
[    9.410805] systemd[1]: Started firewalld - dynamic firewall daemon.
[    9.598836] firewalld[1182]: ERROR: Calling pre func <bound method Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True, True, 'INIT', False, '', {}, [], True, True, True, False, 'off')>(()) failed: check_config_dict() takes 2 positional arguments but 3 were given
[    9.607993] firewalld[1182]: ERROR: Calling pre func <bound method Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True, True, 'INIT', False, '', {}, [], True, True, True, False, 'off')>(()) failed: check_config_dict() takes 2 positional arguments but 3 were given
[   10.103644] dbus-daemon[1177]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service' requested by ':1.5' (uid=0 pid=1182 comm="/usr/bin/python3 /usr/sbin/firewalld --nofork --no")

----------------------------------------------------------------------------
Package: firewalld-0.9.3-150300.3.3.1.noarch

Operating System: openSUSE Leap 15.3
KDE Plasma Version: 5.18.6
KDE Frameworks Version: 5.76.0
Qt Version: 5.12.7
Kernel Version: 5.3.18-150300.59.60-default
OS Type: 64-bit
Processors: 8 × AMD Ryzen 5 3400G with Radeon Vega Graphics
Memory: 13,6 GiB
Comment 1 Ulrich Windl 2022-04-25 08:13:41 UTC
I see this too after updating (messages piped through fold due to excess length).
Apr 25 10:08:01 pcxxxxxxxxxx firewalld[1868]: ERROR: Calling pre func <bound met
hod Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True
, True, 'INIT', False, '', {}, [], True, True, True, False, 'off')>(()) failed: 
check_config_dict() takes 2 positional arguments but 3 were given
Apr 25 10:08:01 pcxxxxxxxxxx systemd-udevd[7470]: Network interface NamePolicy= 
disabled by default.
Apr 25 10:08:01 pcxxxxxxxxxx firewalld[1868]: ERROR: Calling pre func <bound met
hod Firewall.full_check_config of <class 'firewall.core.fw.Firewall'>(True, True
, True, 'INIT', False, 'public', {}, [], True, True, True, False, 'off')>(()) fa
iled: check_config_dict() takes 2 positional arguments but 3 were given
Comment 2 Otto Hollmann 2022-04-27 08:20:31 UTC
This bug is also reported in our internal bugzilla bug 1198814 so let me share progress/summary of this bug.

This issue was introduced with latest update, where function full_check_config() was backported. This function calling check_config_dict with 3 arguments, but check_config_dict() is defined to accept only two arguments.

The missing commits that fixes function check_config_dict to accept 3 parameters are:
> 51260672a597367b71be33c3264cf64124f7e97a
> 4e8710b0df4c1ae4625c612ffa560219fed9f709
Comment 3 Otto Hollmann 2022-06-09 10:00:50 UTC
New version has been released on 2022-05-25, so we can consider this bug as resolved. Unless there are any objections, I will close this bug next week.
Comment 4 Moritz Duge 2022-06-09 10:12:39 UTC
(In reply to Otto Hollmann from comment #2)
> [...]
> The missing commits that fixes function check_config_dict to accept 3
> parameters are:
> > 51260672a597367b71be33c3264cf64124f7e97a
> > 4e8710b0df4c1ae4625c612ffa560219fed9f709

openSUSE-15.4 is affected too.
But until no update arrived.
https://download.opensuse.org/update/leap/15.4/sle/noarch/


Workaround until the update arrives:
Get the patches and apply them manually.
Worked for me with openSUSE-15.4 / python3-firewall-0.9.3-150400.7.6

Applied in this order:

1.
https://github.com/firewalld/firewalld/commit/51260672a597367b71be33c3264cf64124f7e97a.patch

2.
https://github.com/firewalld/firewalld/commit/4e8710b0df4c1ae4625c612ffa560219fed9f709.patch
Comment 5 Otto Hollmann 2022-06-09 10:24:51 UTC
This bug was opened for Leap 15.3 and it already received update.

But you are right, in leap 15.4 it's not yet fixed. Same patches are already submitted into maintenence, but not yet released. I will ping responsible people to get it released.
Comment 7 M. Edwin Zakaria 2022-07-11 08:21:47 UTC
(In reply to Otto Hollmann from comment #5)
> This bug was opened for Leap 15.3 and it already received update.
> 
> But you are right, in leap 15.4 it's not yet fixed. Same patches are already
> submitted into maintenence, but not yet released. I will ping responsible
> people to get it released.

Do you have any info when the update will be released for 15.4?
Comment 8 Otto Hollmann 2022-07-11 10:16:58 UTC
No, but changes were already submitted (private comment #6 that you probably can't see) so new (fixed) version will be released soon.
Comment 9 M. Edwin Zakaria 2022-07-12 06:37:10 UTC
(In reply to Otto Hollmann from comment #8)
> No, but changes were already submitted (private comment #6 that you probably
> can't see) so new (fixed) version will be released soon.

You right I cannot see it. Thank you for following this up.
Comment 10 Mathias Homann 2022-07-16 21:21:35 UTC
I'm seeing the same errors on 15.4...
Comment 11 Otto Hollmann 2022-07-27 09:19:27 UTC
Fixed firewalld-0.9.3-150400.8.6.1 package for Leap 15.4 and SLE15-SP4 has been released on 2022-07-21. Please confirm that it resolve even your issue and then we will close this bug.
Comment 12 Mathias Homann 2022-07-27 09:28:47 UTC
looks fine now on 15.4 with firewalld-0.9.3-150400.8.6.1.noarch
Comment 13 Marco Galicia 2022-07-27 19:35:40 UTC
Hi, I have the same issue in  Open Suse Leap Micro OS 5.2
Current version of firewalld is 0.9.3-150400.7.6
Comment 14 Marco Galicia 2022-07-27 20:00:59 UTC
Pulling from this repo https://download.opensuse.org/update/leap/15.4/sle/noarch/ in Micro Os solved the issue
Comment 15 Otto Hollmann 2022-07-27 20:02:08 UTC
openSUSE Leap Micro 5.2 inherited codestream from SLE15-SP3 so the fix should be already released.

firewalld-0.9.3-150300.3.9.1 released on 2022-05-25, 

Unfortunately I don't have any Micro 5.2 at hand, but I'm pretty sure that fix is available. Can you please double check it that there is no pending update?
Comment 16 Marco Galicia 2022-07-27 20:05:56 UTC
I just added the Leap repo SLES to micro os to update. And with that it is solved. As far as I know it can be done as Micros is Leap. However I do not think it comes by default enabled. Maybe you are refering to 5.1 as I am aware 5.2 inherits Leap 15.4
Comment 17 Otto Hollmann 2022-07-27 20:25:24 UTC
Out internal tool shows that Leap Micro 5.2 using SUSE:SLE-15-SP3:Update codestream. And as I wrote the same version like for Leap 15.3 has been released for Micro 5.2

That also explains why you can not see newer version, because you were using one from 15.4 which is "higher" than version from standard Leap Micro 5.2 repository.

But thank you for raising this issue, seems like there is something wrong. I will look at it.
Comment 18 Marco Galicia 2022-07-27 20:40:37 UTC
So now I just messed up my system mixing repos. Well It is not an issue as I can just get back to the previous snapshot. But yes, There is no update of firewalld in the Micro Os 5.2 repo:  https://download.opensuse.org/repositories/openSUSE:/Leap:/Micro:/5.2/images/
Comment 19 Marco Galicia 2022-07-27 22:31:25 UTC
Sorry I had the wrong repos in Micro Os after sorting that I get the following package version for firewalld=0.9.3-1.1, maybe the bug is not even there. Because it is working
Comment 20 Marcus Meissner 2022-07-28 08:36:09 UTC
http://download.opensuse.org/update/leap-micro/5.2/sle/

is the leap micro 5.2 sle imported repo.

The repo was not yet automatically added in the GA version, but will be in the first respin of Leap Micro 5.2.