On 03.07.2014 15:39, Rex Dieter wrote: > I'm looking into providing a predefined firewalld service definition for > kde-connect, per > https://bugzilla.redhat.com/show_bug.cgi?id=1115547 > > Looks like it's as easy as dropping an xml snippet into > /usr/lib/firewalld/services/ > > I'm also noticing currently that the only package besides fallwalld itself > doing this is cockpit, which includes a %post scriptlet: > > # firewalld only partially picks up changes to its services files > # without this > test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true > > > Is this the recommended approach? If so, I'll follow this lead, and maybe > start work on drafting some packaging guidelines. Thomas Woerner would be the one to work out those guidelines. But to explain ... apparently there are two firewalld "environments". When you install a service file it only affects the installed environment (used after a reboot) and not the current "runtime environment". This means that a user can't immediately use your service definition in a command like: $ firewall-cmd --add-service=cockpit The command: $ firewall-cmd --reload ... makes newly installed service files available in the runtime environment. I guess this is sorta analogous to 'systemctl daemon-reload'. Stef -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct