Bug #11933: ferm does not start

Bug #11933

ferm does not start

Added by bertagaz 2016-11-16 15:10:48 . Updated 2016-11-16 15:35:41 .

Status:

Duplicate

Priority:

Normal

Assignee:

bertagaz

Category:

Target version:

Tails_3.0

Start date:

2016-11-16

Due date:

% Done:

30%

Feature Branch:

bugfix/11933-fix-ferm-startup

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Might be that we’re hit by ~~Bug #11786#note-38~~, as ferm fails iptables complains about unknown options.

Loading the xt_owner kernel module is enough to fix that.

Nov 16 14:56:50 localhost.localdomain ferm[326]: Starting Firewall: fermiptables-restore v1.6.0: owner: Bad value for "--uid-owner" option: "amnesia"
Nov 16 14:56:50 localhost.localdomain ferm[326]: Error occurred at line: 14
Nov 16 14:56:50 localhost.localdomain ferm[326]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Nov 16 14:56:50 localhost.localdomain ferm[326]: Failed to run /sbin/iptables-restore
Nov 16 14:56:50 localhost.localdomain ferm[326]: ip6tables-restore v1.6.0: owner: Bad value for "--uid-owner" option: "amnesia"
Nov 16 14:56:50 localhost.localdomain ferm[326]: Error occurred at line: 8
Nov 16 14:56:50 localhost.localdomain ferm[326]: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Nov 16 14:56:50 localhost.localdomain ferm[326]: Failed to run /sbin/ip6tables-restore
Nov 16 14:56:50 localhost.localdomain ferm[326]: Firewall rules rolled back.
Nov 16 14:56:50 localhost.localdomain ferm[326]:  failed!

Subtasks

Related issues

Is duplicate of Tails - ~~Bug #7018~~: Fails to setup firewall rules at early boot stage

Resolved

2014-04-03

History

#1 Updated by bertagaz 2016-11-16 15:23:58

Status changed from Confirmed to In Progress
% Done changed from 0 to 30
Feature Branch set to bugfix/11933-fix-ferm-startup

Added a simple patch that should solve this. Let’s test it a bit.

#2 Updated by intrigeri 2016-11-16 15:28:22

is duplicate of ~~Bug #7018~~: Fails to setup firewall rules at early boot stage added

#3 Updated by intrigeri 2016-11-16 15:30:57

Status changed from In Progress to Duplicate

The UID problem should be fixed in ~~Bug #7018~~. But the xt_owner trick might be better, if it fixes the problem. Did you build an ISO? The problem only occurs during early boot, before live-config as run, so testing in an already booted system is not useful.

#4 Updated by intrigeri 2016-11-16 15:35:41

FTR the “amnesia” user does not exist when ferm is started initially, which explains the error message.