Bug#946562: firewalld: Firewalld does not run on systems with a monolithic kernel

Alex King Tue, 10 Dec 2019 15:13:04 -0800

Package: firewalld
Version: 0.6.3-5
Severity: normal
Tags: upstream

Dear Maintainer,


*** Reporter, please consider answering these questions, where appropriate ***

On a system with a monolithic kernel, firewalld fails to run:
# systemctl status firewalld|cat
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor 
preset: enabled)
   Active: inactive (dead) since Tue 2019-12-10 22:44:12 UTC; 6min ago
     Docs: man:firewalld(1)
 Main PID: 6363 (code=exited, status=0/SUCCESS)

Dec 10 22:44:11 alex.test.rimuhosting.com systemd[1]: Starting firewalld - 
dynamic firewall daemon...
Dec 10 22:44:11 alex.test.rimuhosting.com systemd[1]: Started firewalld - 
dynamic firewall daemon.
Dec 10 22:44:12 alex.test.rimuhosting.com firewalld[6363]: ERROR: Failed to 
load nf_conntrack module: modprobe: ERROR: ../libkmod/libkmod.c:586 
kmod_search_moddep() could not open moddep file 
'/lib/modules/4.19.87-rh117-20191201200735.xenU.x86_64/modules.dep.bin'
                                                           modprobe: FATAL: 
Module nf_conntrack not found in directory 
/lib/modules/4.19.87-rh117-20191201200735.xenU.x86_64
Dec 10 22:44:12 alex.test.rimuhosting.com firewalld[6363]: ERROR: Raising 
SystemExit in run_server
Dec 10 22:44:12 alex.test.rimuhosting.com systemd[1]: firewalld.service: 
Succeeded.

This applies in some cases when there is a custom kernel or with some
VPS kernels.  Not with the standard Debian kernels.

The problem is addressed in an upstream bug marked won't fix:
https://github.com/firewalld/firewalld/issues/430.  Firewalld calls
modprobe even though the required functionality is already in the
kernel, and fails when modprobe fails.

I would expect firewalld to start correctly if the required
functionality is built in to the kernel.

I tried:
1. removing the kmod package (and therefore modprobe), and firewalld
still fails to start.
2. ln -s /bin/true /bin/modprobe

Still did not work.

Thanks,
Alex

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.87-rh117-20191201200735.xenU.x86_64 (SMP w/12 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages firewalld depends on:
ii  dbus                 1.12.16-1
ii  gir1.2-glib-2.0      1.58.3-2
ii  init-system-helpers  1.56+nmu1
ii  iptables             1.8.2-4
ii  policykit-1          0.105-25
ii  python3              3.7.3-1
ii  python3-dbus         1.2.8-3
ii  python3-gi           3.30.4-1
ii  python3-slip-dbus    0.6.5-2

Versions of packages firewalld recommends:
ii  ipset  6.38-1.2

firewalld suggests no packages.

-- no debconf information

Bug#946562: firewalld: Firewalld does not run on systems with a monolithic kernel

Reply via email to