On 07/04/2014 07:36 AM, Thomas Woerner wrote:
> On 07/03/2014 09:32 PM, Stef Walter wrote:
>> On 03.07.2014 15:39, Rex Dieter wrote:
>>> I'm looking into providing a predefined firewalld service
>>> definition for kde-connect, per
>>> https://bugzilla.redhat.com/show_bug.cgi?id=1115547
>>>
>>> Looks like it's as easy as dropping an xml snippet into
>>> /usr/lib/firewalld/services/
>>>
>>> I'm also noticing currently that the only package besides
>>> firewalld itself doing this is cockpit, which includes a %post
>>> scriptlet:
>>>
>>> # firewalld only partially picks up changes to its services files
>>> # without this
>>> test -f %{_bindir}/firewall-cmd && firewall-cmd --reload --quiet || true
>>>
>>>
>>> Is this the recommended approach? If so, I'll follow this
>>> lead, and maybe start work on drafting some packaging
>>> guidelines.
>>
>> Thomas Woerner would be the one to work out those guidelines.
>>
> Yes.
>
>> But to explain ... apparently there are two firewalld
>> "environments". When you install a service file it only affects
>> the installed environment (used after a reboot) and not the
>> current "runtime environment".
>>
>> This means that a user can't immediately use your service
>> definition in a command like:
>>
>> $ firewall-cmd --add-service=cockpit
>>
>> The command:
>>
>> $ firewall-cmd --reload
>>
>> ... makes newly installed service files available in the runtime
>> environment. I guess this is sorta analogous to 'systemctl
>> daemon-reload'.
>>
> Newly added services and zones are available in the permanent
> environment of firewalld, where they can be used with the UI and
> command line tools.
>
> To have a newly added service or zone in the runtime environment it
> is needed to reload firewalld: firewall-cmd --reload or systemctl
> reload firewalld.service.
>

Thomas, the real question here is this: If a package wants to install
(and maintain) its own set of firewalld service definitions, is the
approach Stef took the best one? If so, we should submit a Packaging
Guidelines edit to the FPC and get this codified where others can find
it.
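Added example, not part of the thread or of any package mentioned in it: a small check for the gap described above, listing service definitions that firewalld knows in its permanent environment but has not yet loaded into the runtime environment. The function name `pending_services`, the sample lists and the service name `kde-connect` are assumptions made for illustration; when firewalld is not running, the script falls back to the constructed sample.

```shell
#!/bin/sh
# pending_services PERMANENT_LIST RUNTIME_LIST
# Both arguments are space-separated service names, as printed by
# "firewall-cmd --get-services". Prints, one per line, every name that is
# in the permanent list but missing from the runtime list, i.e. services
# that "firewall-cmd --add-service=NAME" will not accept until a reload.
pending_services() {
    for svc in $1; do            # unquoted on purpose: split on whitespace
        case " $2 " in
            *" $svc "*) ;;       # already loaded in the runtime environment
            *) printf '%s\n' "$svc" ;;
        esac
    done
}

# Constructed sample data: a service file for "kde-connect" (hypothetical
# name) was just installed, but firewalld has not been reloaded yet.
SAMPLE_PERMANENT="cockpit dhcpv6-client kde-connect ssh"
SAMPLE_RUNTIME="cockpit dhcpv6-client ssh"

if command -v firewall-cmd >/dev/null 2>&1 &&
   firewall-cmd --state >/dev/null 2>&1; then
    # Live system: compare what is on disk with what the daemon has loaded.
    permanent=$(firewall-cmd --permanent --get-services)
    runtime=$(firewall-cmd --get-services)
else
    # No running firewalld: use the constructed sample.
    permanent=$SAMPLE_PERMANENT
    runtime=$SAMPLE_RUNTIME
fi

missing=$(pending_services "$permanent" "$runtime")
if [ -n "$missing" ]; then
    echo "Not yet in the runtime environment (reload needed):"
    echo "$missing"
else
    echo "Runtime environment is in sync with the permanent one."
fi
```

An empty result after a package's %post scriptlet has run indicates that the reload took effect.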