From 67d4050baa581e44fe8d64463cbce39f3e1aa869 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Mon, 2 Jun 2025 12:34:19 -0400
Subject: [PATCH] fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)

Resolves: RHEL-77738
---
 ...ow-start-code-251-RUNNING_BUT_FAILED.patch | 31 +++++++++++++++++++
 firewalld.service | 2 ++
 firewalld.spec | 6 +++-
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch

diff --git a/0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch b/0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch
new file mode 100644
index 0000000..cc318d9
--- /dev/null
+++ b/0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch
@@ -0,0 +1,31 @@
+From 257dce8a7769d0b4268973065dfe0a77455d1ce6 Mon Sep 17 00:00:00 2001
+From: Eric Garver
+Date: Mon, 2 Jun 2025 11:27:10 -0400
+Subject: [PATCH] fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
+
+Do not fail to start the service if `firewall-cmd --state` returns this
+error code. The daemon is started, but in a recovery mode due to invalid
+configuration.
+
+Fixes: 4ddfe5672e3a ("fix(systemd): verify firewalld is responsive to dbus")
+(cherry picked from commit d52815e198f05378a3f34633adfedd29165cc64e)
+---
+ config/firewalld.service.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/config/firewalld.service.in b/config/firewalld.service.in
+index cd7f772b8581..bd8690fd87a6 100644
+--- a/config/firewalld.service.in
++++ b/config/firewalld.service.in
+@@ -11,6 +11,8 @@ Documentation=man:firewalld(1)
+ EnvironmentFile=-/etc/sysconfig/firewalld
+ ExecStart=@sbindir@/firewalld --nofork --nopid $FIREWALLD_ARGS
+ ExecStartPost=@bindir@/firewall-cmd --state
++# don't fail ExecStartPost on RUNNING_BUT_FAILED
++SuccessExitStatus=251
+ ExecReload=/bin/kill -HUP $MAINPID
+ StandardOutput=null
+ StandardError=null
+-- 
+2.47.1
+
diff --git a/firewalld.service b/firewalld.service
index 021344c..5c41851 100644
--- a/firewalld.service
+++ b/firewalld.service
@@ -8,6 +8,8 @@ EnvironmentFile=-/etc/sysconfig/firewalld
 ExecStart=/usr/sbin/firewalld $FIREWALLD_ARGS
 ExecStartPost=/usr/bin/firewall-cmd --state
 ExecReload=/usr/bin/firewall-cmd --reload
+# don't fail ExecStartPost on RUNNING_BUT_FAILED
+SuccessExitStatus=251
 [Install]
 WantedBy=multi-user.target
diff --git a/firewalld.spec b/firewalld.spec
index f18ebea..99f6a25 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -1,7 +1,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 1.3.4
-Release: 13%{?dist}
+Release: 14%{?dist}
 URL: http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.bz2
@@ -36,6 +36,7 @@ Patch28: 0028-v2.4.0-fix-systemd-remove-unnecessary-comment.patch
 Patch29: 0029-v2.4.0-test-nftables-table-owner-use-grep-instead-of.patch
 Patch30: 0030-v2.4.0-chore-ipset-remove-set_supported_types.patch
 Patch31: 0031-v2.4.0-fix-fw-start-remove-ipset-probe.patch
+Patch32: 0032-fix-systemd-allow-start-code-251-RUNNING_BUT_FAILED.patch
 BuildArch: noarch
 BuildRequires: autoconf
 BuildRequires: automake
@@ -259,6 +260,9 @@ rm -rf %{buildroot}%{_datadir}/firewalld/testsuite
 %{_mandir}/man1/firewall-config*.1*
 %changelog
+* Mon Jun 02 2025 Eric Garver - 1.3.4-14
+- fix(systemd): allow start code 251 (RUNNING_BUT_FAILED)
+
 * Mon May 19 2025 Eric Garver - 1.3.4-13
 - fix(fw): start: remove ipset probe
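Review bot: `SuccessExitStatus=251` is a unit-wide setting rather than one scoped to `ExecStartPost=`, so in the firewalld.service hunk the unit now reports active while `firewall-cmd --state` is returning RUNNING_BUT_FAILED, and the one-line comment does not tell an operator what that state means. The commit message describes it as a recovery mode entered on invalid configuration, which suggests the configured ruleset may not be the one in force; `systemctl is-active firewalld` and units ordered after this one will no longer surface that. I would expand the comment to something like `# 251 = RUNNING_BUT_FAILED: daemon is up in recovery mode after an invalid configuration; unit stays active, so monitor "firewall-cmd --state" separately`. Because the setting is not limited to the post-start check, it is also worth confirming that an exit status of 251 from the `ExecStart=` process itself should count as a clean exit. The same comment wording applies to the `config/firewalld.service.in` hunk carried in the vendored 0032 patch.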