colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dbus: allow firewalld to communicate with NetworkManager

Browse Source 
Usually, this "<allow send_destination="..."/>" part is shipped
by firewalld's D-Bus policy. However, if firewalld is initially
not installed with NetworkManager already running, dbus-daemon
seems to cache the missing permission for the D-Bus connection.
As a result, when installing and starting firewalld, NetworkManager
requests fail until restart:

  firewall: [0x7f4b83643890,change:"eth1"]: complete: request failed (Rejected send message, 1 matched rules; type="method_call", sender=":1.3" (uid=0 pid=715 comm="/usr/sbin/NetworkManager --no-daemon ") interface="org.fedoraproject.FirewallD1.zone" member="changeZone" error name="(unset)" requested_reply="0" destination=":1.25" (uid=0 pid=1243 comm="/usr/bin/python -Es /usr/sbin/firewalld --nofork -"))

https://bugzilla.redhat.com/show_bug.cgi?id=1436770
This commit is contained in:
Thomas Haller
2017-04-21 11:56:28 +02:00
parent 8583e62276
commit cc1d409ba8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/org.freedesktop.NetworkManager.conf
View File

@@ -27,6 +27,8 @@
<allow send_destination="org.freedesktop.NetworkManager.strongswan"/> <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
<allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
<allow send_destination="org.fedoraproject.FirewallD1"/>
<!-- Allow the custom name for the dnsmasq instance spawned by NM <!-- Allow the custom name for the dnsmasq instance spawned by NM
from the dns dnsmasq plugin to own it's dbus name, and for from the dns dnsmasq plugin to own it's dbus name, and for
messages to be sent to it. messages to be sent to it.