Re: firewalld broken dependencies on f24

François Patte <francois.patte@xxxxxxxxxxxxxxxxxxxx> · Mon, 9 Jan 2017 12:47:40 +0100

Le 09/01/2017 00:17, Ed Greshko a écrit :
> 
> 
> On 01/09/17 06:30, François Patte wrote:
>> For this reason, it is impossible to change any settings in firewall on
>> fedora 24.
>>
>> So, I can't ssh machines running f24, I can't set printers on machines
>> running f24...
>>
>> Is there a solution?
> 
> I have a fully updated F24 system except for the packages with the dependency issues:
> 
> root@f24 ~]# dnf --best update
> Last metadata expiration check: 0:34:16 ago on Mon Jan  9 06:41:24 2017.
> Error: package firewalld-0.4.4.2-2.fc24.noarch conflicts with selinux-policy <
> 3.13.1-191.23 provided by selinux-policy-3.13.1-191.21.fc24.noarch.
> package selinux-policy-targeted-3.13.1-191.21.fc24.noarch requires selinux-policy =
> 3.13.1-191.21.fc24, but none of the providers can be installed.
> package firewall-applet-0.4.4.2-2.fc24.noarch requires firewalld = 0.4.4.2-2.fc24, but
> none of the providers can be installed.
> package selinux-policy-targeted-3.13.1-191.21.fc24.noarch requires selinux-policy =
> 3.13.1-191.21.fc24, but none of the providers can be installed
> 
> But the currently installed packages work fine and I can make changes to my firewall.
> 
> So, what exactly are you seeing?

Thank you for answering.

1- If I want to update my system using dnf update, I get this message:

Paquets ignorés suite à des dépendances cassées: (ignored packages
because of broken dependencies)
 firewall-config                      noarch       0.4.4.2-2.fc24
        updates       153 k
 firewalld                            noarch       0.4.4.2-2.fc24
        updates       454 k
 firewalld-filesystem                 noarch       0.4.4.2-2.fc24
        updates        68 k
 python3-firewall                     noarch       0.4.4.2-2.fc24
        updates       351 k

2- At boot time (journalctl -b) I have these error messages:

/firewalld[1325]: ERROR: Failed to flush eb firewall:
'/usr/sbin/ebtables-restore --noflush' failed:

/firewalld[1325]: ERROR: INVALID_ZONE (2 times)

3- If I want to set the firewall (Applications->Administration->Firewall

In public, I tick ipp and ssh and reload firewalld, I get these messages
in journalctl:

janv. 09 12:32:59 bhaskara dbus-daemon[1339]: [system] Activating via
systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
requested by ':1.59' (uid=0 pid=3557
comm="/usr/lib/polkit-1/polkit-agent-helper-1 root "
label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")
janv. 09 12:32:59 bhaskara systemd[1]: Starting Fingerprint
Authentication Daemon...
janv. 09 12:32:59 bhaskara dbus-daemon[1339]: [system] Successfully
activated service 'net.reactivated.Fprint'
janv. 09 12:32:59 bhaskara audit[1]: SERVICE_START pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
janv. 09 12:32:59 bhaskara systemd[1]: Started Fingerprint
Authentication Daemon.
janv. 09 12:33:14 bhaskara audit[3557]: USER_AUTH pid=3557 uid=3025
auid=3025 ses=2
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:authentication grantors=pam_unix acct="root"
exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=? addr=?
terminal=? res=success'
janv. 09 12:33:14 bhaskara audit[3557]: USER_ACCT pid=3557 uid=3025
auid=3025 ses=2
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root"
exe="/usr/lib/polkit-1/polkit-agent-helper-1" hostname=? addr=?
terminal=? res=success'
janv. 09 12:33:14 bhaskara polkitd[1370]: Operator of unix-session:2
successfully authenticated as unix-user:root to gain TEMPORARY
authorization for action org.fedoraproject.FirewallD1.all for
system-bus-name::1.57 [/usr/bin/python3 -Es /usr/bin/firewall-config]
(owned by unix-user:fp)
janv. 09 12:33:29 bhaskara audit[1]: SERVICE_STOP pid=1 uid=0
auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=2
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=2
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=2 entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=2
entries=13
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=10
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=10
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=10
entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=10
entries=13
janv. 09 12:33:43 bhaskara /firewalld[1363]: ERROR: Failed to set policy
of eb firewall: '/usr/sbin/ebtables-restore --noflush' failed: Bad
argument : 'COMMIT'.
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=2
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=2
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=2
entries=26
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=2 entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=2
entries=13
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=10
entries=41
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=10
entries=27
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=10
entries=26
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=10
entries=9
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=10
entries=13
janv. 09 12:33:43 bhaskara /firewalld[1363]: ERROR: Failed to flush eb
firewall: '/usr/sbin/ebtables-restore --noflush' failed: Bad argument :
'COMMIT'.
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=2
entries=4
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=2
entries=6
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=2 entries=5
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=2 entries=3
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=2
entries=4
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=filter family=10
entries=4
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=mangle family=10
entries=6
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=nat family=10
entries=5
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=raw family=10
entries=3
janv. 09 12:33:43 bhaskara audit: NETFILTER_CFG table=security family=10
entries=4
janv. 09 12:34:03 bhaskara wpa_supplicant[1536]: wlp12s0: WPA: Group
rekeying completed with 00:1d:6a:69:e0:74 [GTK=TKIP]

Then the network is totaly blocked on the computer, I have to stop
firewalld.

-- 
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849
http://www.math-info.univ-paris5.fr/~patte

Attachment:
signature.asc

Description: OpenPGP digital signature
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx