Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | Origin: r795, r796 |
| 2 | Description: move netfilter capabilities checking into initcaps(), and call |
| 3 | initcaps() only when we need it. |
| 4 | Bug-Ubuntu: https://launchpad.net/bugs/1044361 |
| 5 | |
| 6 | Upstream-Status: Inappropriate [ not author ] |
| 7 | |
| 8 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> |
| 9 | |
| 10 | Index: ufw-0.33/src/backend_iptables.py |
| 11 | =================================================================== |
| 12 | --- ufw-0.33.orig/src/backend_iptables.py 2012-09-23 09:58:34.000000000 -0500 |
| 13 | +++ ufw-0.33/src/backend_iptables.py 2012-09-23 09:58:36.000000000 -0500 |
| 14 | @@ -160,6 +160,9 @@ |
| 15 | out += "> " + _("Checking raw ip6tables\n") |
| 16 | return out |
| 17 | |
| 18 | + # Initialize the capabilities database |
| 19 | + self.initcaps() |
| 20 | + |
| 21 | args = ['-n', '-v', '-x', '-L'] |
| 22 | items = [] |
| 23 | items6 = [] |
| 24 | @@ -470,6 +473,9 @@ |
| 25 | if self.dryrun: |
| 26 | return False |
| 27 | |
| 28 | + # Initialize the capabilities database |
| 29 | + self.initcaps() |
| 30 | + |
| 31 | prefix = "ufw" |
| 32 | exe = self.iptables |
| 33 | if v6: |
| 34 | @@ -684,6 +690,9 @@ |
| 35 | except Exception: |
| 36 | raise |
| 37 | |
| 38 | + # Initialize the capabilities database |
| 39 | + self.initcaps() |
| 40 | + |
| 41 | chain_prefix = "ufw" |
| 42 | rules = self.rules |
| 43 | if v6: |
| 44 | @@ -830,6 +839,10 @@ |
| 45 | * updating user rules file |
| 46 | * reloading the user rules file if rule is modified |
| 47 | ''' |
| 48 | + |
| 49 | + # Initialize the capabilities database |
| 50 | + self.initcaps() |
| 51 | + |
| 52 | rstr = "" |
| 53 | |
| 54 | if rule.v6: |
| 55 | @@ -1073,6 +1086,9 @@ |
| 56 | if self.dryrun: |
| 57 | return |
| 58 | |
| 59 | + # Initialize the capabilities database |
| 60 | + self.initcaps() |
| 61 | + |
| 62 | rules_t = [] |
| 63 | try: |
| 64 | rules_t = self._get_logging_rules(level) |
| 65 | Index: ufw-0.33/src/backend.py |
| 66 | =================================================================== |
| 67 | --- ufw-0.33.orig/src/backend.py 2012-09-23 09:58:34.000000000 -0500 |
| 68 | +++ ufw-0.33/src/backend.py 2012-09-23 09:59:03.000000000 -0500 |
| 69 | @@ -21,7 +21,7 @@ |
| 70 | import stat |
| 71 | import sys |
| 72 | import ufw.util |
| 73 | -from ufw.util import warn, debug |
| 74 | +from ufw.util import error, warn, debug |
| 75 | from ufw.common import UFWError, config_dir, iptables_dir, UFWRule |
| 76 | import ufw.applications |
| 77 | |
| 78 | @@ -68,6 +68,17 @@ |
| 79 | err_msg = _("Couldn't determine iptables version") |
| 80 | raise UFWError(err_msg) |
| 81 | |
| 82 | + # Initialize via initcaps only when we need it (LP: #1044361) |
| 83 | + self.caps = None |
| 84 | + |
| 85 | + def initcaps(self): |
| 86 | + '''Initialize the capabilities database. This needs to be called |
| 87 | + before accessing the database.''' |
| 88 | + |
| 89 | + # Only initialize if not initialized already |
| 90 | + if self.caps != None: |
| 91 | + return |
| 92 | + |
| 93 | self.caps = {} |
| 94 | self.caps['limit'] = {} |
| 95 | |
| 96 | @@ -78,14 +89,20 @@ |
| 97 | # Try to get capabilities from the running system if root |
| 98 | if self.do_checks and os.getuid() == 0 and not self.dryrun: |
| 99 | # v4 |
| 100 | - nf_caps = ufw.util.get_netfilter_capabilities(self.iptables) |
| 101 | + try: |
| 102 | + nf_caps = ufw.util.get_netfilter_capabilities(self.iptables) |
| 103 | + except OSError as e: |
| 104 | + error("initcaps\n%s" % e) |
| 105 | if 'recent-set' in nf_caps and 'recent-update' in nf_caps: |
| 106 | self.caps['limit']['4'] = True |
| 107 | else: |
| 108 | self.caps['limit']['4'] = False |
| 109 | |
| 110 | # v6 |
| 111 | - nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables) |
| 112 | + try: |
| 113 | + nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables) |
| 114 | + except OSError as e: |
| 115 | + error("initcaps\n%s" % e) |
| 116 | if 'recent-set' in nf_caps and 'recent-update' in nf_caps: |
| 117 | self.caps['limit']['6'] = True |
| 118 | else: |