firewalld/0001-fw_transaction-On-clear-zone-transaction-must-clear-.patch

From 2e53fab83ac844c1d2fb2781116ad47b8900ab85 Mon Sep 17 00:00:00 2001
From: Eric Garver <e@erig.me>
Date: Fri, 21 Sep 2018 11:02:18 -0400
Subject: [PATCH 1/2] fw_transaction: On clear zone transaction, must clear fw
 and other zones

Just like FirewallZoneTransaction.execute() that was spawned from a
FirewallTransaction must call FirewallTransaction.exectue() we should
also make sure the same is done for clear(). Otherwise we can end up
with a partially cleared transaction. This gets really hairy if the
FirewallTransaction contains many instances of FirewallZoneTransaction
which is common during startup with non-default configuration.

Fixes: #374
---
 src/firewall/core/fw_transaction.py | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py
index f169e4a923dd..ad204c1991cf 100644
--- a/src/firewall/core/fw_transaction.py
+++ b/src/firewall/core/fw_transaction.py
@@ -231,9 +231,19 @@ class FirewallZoneTransaction(SimpleFirewallTransaction):
         self.modules = [ ] # [ module,.. ]
 
     def clear(self):
-        super(FirewallZoneTransaction, self).clear()
-        del self.chains[:]
-        del self.modules[:]
+        # calling clear on a zone_transaction that was spawned from a
+        # FirewallTransaction needs to clear the fw_transaction and all the
+        # other zones otherwise we end up with a partially cleared transaction.
+        if self.fw_transaction:
+            super(FirewallTransaction, self.fw_transaction).clear()
+            for zone in self.fw_transaction.zone_transactions.keys():
+                super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear()
+                del self.fw_transaction.zone_transactions[zone].chains[:]
+                del self.fw_transaction.zone_transactions[zone].modules[:]
+        else:
+            super(FirewallZoneTransaction, self).clear()
+            del self.chains[:]
+            del self.modules[:]
 
     def prepare(self, enable, rules=None, modules=None):
         log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "..."))
-- 
2.18.0
rebase to v0.6.2 Resolves: rhbz 1624600 2018-09-21 16:22:24 +00:00			`From 2e53fab83ac844c1d2fb2781116ad47b8900ab85 Mon Sep 17 00:00:00 2001`
			`From: Eric Garver <e@erig.me>`
			`Date: Fri, 21 Sep 2018 11:02:18 -0400`
			`Subject: [PATCH 1/2] fw_transaction: On clear zone transaction, must clear fw`
			`and other zones`

			`Just like FirewallZoneTransaction.execute() that was spawned from a`
			`FirewallTransaction must call FirewallTransaction.exectue() we should`
			`also make sure the same is done for clear(). Otherwise we can end up`
			`with a partially cleared transaction. This gets really hairy if the`
			`FirewallTransaction contains many instances of FirewallZoneTransaction`
			`which is common during startup with non-default configuration.`

			`Fixes: #374`
			`---`
			`src/firewall/core/fw_transaction.py \| 16 +++++++++++++---`
			`1 file changed, 13 insertions(+), 3 deletions(-)`

			`diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py`
			`index f169e4a923dd..ad204c1991cf 100644`
			`--- a/src/firewall/core/fw_transaction.py`
			`+++ b/src/firewall/core/fw_transaction.py`
			`@@ -231,9 +231,19 @@ class FirewallZoneTransaction(SimpleFirewallTransaction):`
			`self.modules = [ ] # [ module,.. ]`

			`def clear(self):`
			`- super(FirewallZoneTransaction, self).clear()`
			`- del self.chains[:]`
			`- del self.modules[:]`
			`+ # calling clear on a zone_transaction that was spawned from a`
			`+ # FirewallTransaction needs to clear the fw_transaction and all the`
			`+ # other zones otherwise we end up with a partially cleared transaction.`
			`+ if self.fw_transaction:`
			`+ super(FirewallTransaction, self.fw_transaction).clear()`
			`+ for zone in self.fw_transaction.zone_transactions.keys():`
			`+ super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear()`
			`+ del self.fw_transaction.zone_transactions[zone].chains[:]`
			`+ del self.fw_transaction.zone_transactions[zone].modules[:]`
			`+ else:`
			`+ super(FirewallZoneTransaction, self).clear()`
			`+ del self.chains[:]`
			`+ del self.modules[:]`

			`def prepare(self, enable, rules=None, modules=None):`
			`log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "..."))`
			`--`
			`2.18.0`