Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 876683
Summary: | RFE: make firewalld be a dbus activated service that exits after a period of inactivity | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Matthew Miller <mattdm> |
Component: | firewalld | Assignee: | Eric Garver <egarver> |
Status: | NEW --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | jpopelka, pbrobinson, samuel-rhbugs, twoerner, walters |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | Type: | Bug | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 245418, 1269538 |
Description
Matthew Miller
2012-11-14 17:32:45 UTC
See comments from Lennart Poettering on how to implement dbus activation with systemd here: http://www.mail-archive.com/devel@lists.fedoraproject.org/msg50875.html This needs some verification work to make sure that a mechanism like this is usable at all times and does not result in other problems like for example message timeouts for requests if the timeout of a request is shorter than the start time of the daemon using dbus activation. The results of the D-Bus activation tests with firewalld are: The mechanisms is working, but firewalld will not suspend as long as a consumer of the D-Bus interface of firewalld is active. To be more pecise: As long as there is a signal receiver for the firewalld D-Bus interface, firewalld will not suspend. This is the case for NetworkManager, firewall-applet and also firewall-config. The will most likely also be the case with configuration using a Cockpit plugin. Result: This feature is of limited use is most environments. > Result: This feature is of limited use is most environments.
What about in the case of a cloud server running NetworkManager in config-and-exit mode (or using systemd-networkd for network config)?
You say it's _likely_ that a Cockpit plugin would keep firewalld persistent; could it be carefully written so it doesn't?
As far as I know it is not possible to have a Cockpit plugin that is not keeping a D-Bus server in a persistent state. As soon as there is a signal receiver there is a consumer and the service should not suspend. I did some more tests and it seems that this is not an issue nowadays anymore. I only notified issues by switching from one dbus implementation to another one. For example by switching from python-dbus to gdbus. I will open a ticket for python-slip for deeper investigation. Here is the submitted issue for python-slip: https://github.com/nphilipp/python-slip/issues/2 Bump, any chance we can get this priortised? (In reply to Peter Robinson from comment #9) > Bump, any chance we can get this priortised? There is also a request upstream, but at the moment it's not a priority. https://github.com/firewalld/firewalld/issues/337 |