Package: firewalld
Version: 0.6.3-5
Severity: important
Tags: upstream

Dear Maintainer,

On Debian Buster, when the 'firewalld' package is installed in an unprivileged LXC container, the daemon fails to start due to not being able to load the 'nf_conntrack' kernel module. This makes the 'firewalld' service unusable in that environment. The problem is in the logic used by the 'firewalld' service itself, not in the system configuration.

This issue is known to the upstream:
https://github.com/firewalld/firewalld/issues/519

The fix implemented by the upstream:
https://github.com/firewalld/firewalld/commit/cef1e52af87508f90ab541fb02464ab3a1410ec5

Since this is not a security issue, and the service works fine outside of the restricted environment, I'm not sure if the fix can be implemented in the 'firewalld' package included in Debian Buster. Perhaps this could be used as a good argument for providing the 'firewalld' package with included fix via the buster-backports repository.

Best Regards,
Maciej Delmanowski

-- System Information:
Debian Release: 10.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firewalld depends on:
ii  dbus                 1.12.16-1
ii  gir1.2-glib-2.0      1.58.3-2
ii  init-system-helpers  1.56+nmu1
ii  iptables             1.8.2-4
ii  policykit-1          0.105-25
ii  python3              3.7.3-1
ii  python3-dbus         1.2.8-3
ii  python3-gi           3.30.4-1
pn  python3-slip-dbus    <none>

Versions of packages firewalld recommends:
pn  ipset  <none>

firewalld suggests no packages.