rpms/firewalld
6
0
Fork 0
Code Issues Pull Requests Releases Activity

fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)

Browse Source 
Resolves: RHEL-77738
This commit is contained in:
Eric Garver 2025-06-02 12:34:19 -04:00
parent 0d4bf89bb7
commit 67d4050baa
3 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch Normal file
View File

@ -0,0 +1,31 @@
From 257dce8a7769d0b4268973065dfe0a77455d1ce6 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 2 Jun 2025 11:27:10 -0400
Subject: [PATCH] fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
Do not fail to start the service if `firewall-cmd --state` returns this
error code. The daemon is started, but in a recovery mode due to invalid
configuration.
Fixes: 4ddfe5672e3a ("fix(systemd): verify firewalld is responsive to dbus")
(cherry picked from commit d52815e198f05378a3f34633adfedd29165cc64e)
---
config/firewalld.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/config/firewalld.service.in b/config/firewalld.service.in
index cd7f772b8581..bd8690fd87a6 100644
--- a/config/firewalld.service.in
+++ b/config/firewalld.service.in
@@ -11,6 +11,8 @@ Documentation=man:firewalld(1)
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
ExecStartPost=@bindir@/firewall-cmd --state
+# don't fail ExecStartPost on RUNNING_BUT_FAILED
+SuccessExitStatus=251
ExecReload=/bin/kill -HUP $MAINPID
StandardOutput=null
StandardError=null
--
2.47.1

2
firewalld.service
View File

@ -8,6 +8,8 @@ EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=/usr/sbin/firewalld $FIREWALLD_ARGS
ExecStartPost=/usr/bin/firewall-cmd --state
ExecReload=/usr/bin/firewall-cmd --reload
# don't fail ExecStartPost on RUNNING_BUT_FAILED
SuccessExitStatus=251
[Install]
WantedBy=multi-user.target

6
firewalld.spec
View File

@ -1,7 +1,7 @@
Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
Name: firewalld
Version: 1.3.4
Release: 13%{?dist}
Release: 14%{?dist}
URL: http://www.firewalld.org
License: GPLv2+
Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
@ -36,6 +36,7 @@ Patch28: 0028-v2.4.0-fix-systemd-remove-unnecessary-comment.patch
Patch29: 0029-v2.4.0-test-nftables-table-owner-use-grep-instead-of.patch
Patch30: 0030-v2.4.0-chore-ipset-remove-set_supported_types.patch
Patch31: 0031-v2.4.0-fix-fw-start-remove-ipset-probe.patch
Patch32: 0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch
BuildArch: noarch
BuildRequires: autoconf
BuildRequires: automake
@ -259,6 +260,9 @@ rm -rf %{buildroot}%{_datadir}/firewalld/testsuite
%{_mandir}/man1/firewall-config*.1*
%changelog
* Mon Jun 02 2025 Eric Garver <egarver@redhat.com> - 1.3.4-14
- fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
* Mon May 19 2025 Eric Garver <egarver@redhat.com> - 1.3.4-13
- fix(fw): start: remove ipset probe