Bug #12208: ferm fails to start at boot time

Bug #12208

ferm fails to start at boot time

Added by intrigeri 2017-02-01 22:35:07 . Updated 2017-03-09 13:56:50 .

Status:

Resolved

Priority:

Elevated

Assignee:

Category:

Target version:

Tails_2.11

Start date:

2017-02-01

Due date:

% Done:

100%

Feature Branch:

bugfix/12208-ferm-fix

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Seen this in 3.0~beta1.

Subtasks

History

#1 Updated by intrigeri 2017-02-01 22:36:25

Feb 01 22:33:15 localhost.localdomain ferm[366]: Starting Firewall: fermiptables-restore v1.6.0: owner: Bad value for "--uid-owner" option: "amnesia"
Feb 01 22:33:15 localhost.localdomain ferm[366]: Error occurred at line: 35
Feb 01 22:33:15 localhost.localdomain ferm[366]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 01 22:33:15 localhost.localdomain ferm[366]: Failed to run /sbin/iptables-restore
Feb 01 22:33:15 localhost.localdomain ferm[366]: Firewall rules rolled back.
Feb 01 22:33:15 localhost.localdomain ferm[366]:  failed!
Feb 01 22:33:15 localhost.localdomain systemd[1]: ferm.service: Main process exited, code=exited, status=1/FAILURE
Feb 01 22:33:15 localhost.localdomain systemd[1]: Failed to start ferm firewall configuration.
Feb 01 22:33:15 localhost.localdomain systemd[1]: ferm.service: Unit entered failed state.
Feb 01 22:33:15 localhost.localdomain systemd[1]: ferm.service: Failed with result 'exit-code'.

That’s because ferm.service starts before live-config.service is done.

#2 Updated by intrigeri 2017-02-01 23:13:53

No, that’s because of:

                daddr 127.0.0.1 proto tcp syn dport 17600:17650 {
                    mod owner uid-owner amnesia ACCEPT;
                }

It should be “$amnesia_uid” like everywhere else.

This probably affects 2.10 too.

#3 Updated by intrigeri 2017-02-01 23:15:07

Assignee changed from intrigeri to anonym
Target version changed from Tails_3.0 to Tails_2.11

#4 Updated by intrigeri 2017-02-01 23:15:13

Subject changed from ferm fails to start at boot time on Stretch to ferm fails to start at boot time

#5 Updated by intrigeri 2017-02-01 23:15:30

Status changed from Confirmed to In Progress
% Done changed from 0 to 10

#6 Updated by anonym 2017-02-24 14:11:50

Assignee changed from anonym to intrigeri
% Done changed from 10 to 50
QA Check set to Ready for QA
Feature Branch set to bugfix/12208-ferm-fix

Can you take it? Otherwise I’ll merge it after I’ve seen the branch pass our automated QA.

#7 Updated by intrigeri 2017-03-02 08:50:38

Status changed from In Progress to Fix committed
% Done changed from 50 to 100

Applied in changeset commit:be3ebdc1a16e92bbe5699cdd88c425fb6b229001.

#8 Updated by intrigeri 2017-03-02 08:51:09

Assignee deleted (~~intrigeri~~)
QA Check changed from Ready for QA to Pass

#9 Updated by anonym 2017-03-09 13:56:50

Status changed from Fix committed to Resolved