Patrick Williamsb48b7b42016-08-17 15:04:38 -05001Origin: r795, r796
2Description: move netfilter capabilities checking into initcaps(), and call
3 initcaps() only when we need it.
4Bug-Ubuntu: https://launchpad.net/bugs/1044361
5
6Upstream-Status: Inappropriate [ not author ]
7
8Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
9
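--- a/src/backend_iptables.py
+++ b/src/backend_iptables.py
@@ -160,6 +160,9 @@
 out += "> " + _("Checking raw ip6tables\n")
 return out
 
+ # Initialize the capabilities database
+ self.initcaps()
+
 args = ['-n', '-v', '-x', '-L']
 items = []
 items6 = []
@@ -470,6 +473,9 @@
 if self.dryrun:
 return False
 
+ # Initialize the capabilities database
+ self.initcaps()
+
 prefix = "ufw"
 exe = self.iptables
 if v6:
@@ -684,6 +690,9 @@
 except Exception:
 raise
 
+ # Initialize the capabilities database
+ self.initcaps()
+
 chain_prefix = "ufw"
 rules = self.rules
 if v6:
@@ -830,6 +839,10 @@
 * updating user rules file
 * reloading the user rules file if rule is modified
 '''
+
+ # Initialize the capabilities database
+ self.initcaps()
+
 rstr = ""
 
 if rule.v6:
@@ -1073,6 +1086,9 @@
 if self.dryrun:
 return
 
+ # Initialize the capabilities database
+ self.initcaps()
+
 rules_t = []
 try:
 rules_t = self._get_logging_rules(level)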
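Review bot: Nothing enforces the `self.initcaps()` call that these five hunks add by hand, so any method that reads `self.caps` and is not touched by this patch now sees the constructor's `None` and fails on subscripting instead of reporting a clear firewall error. The patch does not show whether other readers exist, so this is worth checking against the full file. The contract should at least be documented where `self.caps` is declared, for example `# self.caps is None until initcaps() runs; every reader must call initcaps() first`, or reads should go through one accessor that calls `initcaps()` itself. In the second and fifth hunks the call sits after the `if self.dryrun:` early return, so dry runs never probe netfilter; if that is intentional, say so in the comment instead of repeating "Initialize the capabilities database". All five enclosing methods start and end outside their hunks.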
65Index: ufw-0.33/src/backend.py
66===================================================================
67--- ufw-0.33.orig/src/backend.py 2012-09-23 09:58:34.000000000 -0500
68+++ ufw-0.33/src/backend.py 2012-09-23 09:59:03.000000000 -0500
69@@ -21,7 +21,7 @@
70 import stat
71 import sys
72 import ufw.util
73-from ufw.util import warn, debug
74+from ufw.util import error, warn, debug
75 from ufw.common import UFWError, config_dir, iptables_dir, UFWRule
76 import ufw.applications
77
78@@ -68,6 +68,17 @@
79 err_msg = _("Couldn't determine iptables version")
80 raise UFWError(err_msg)
81
82+ # Initialize via initcaps only when we need it (LP: #1044361)
83+ self.caps = None
84+
85+ def initcaps(self):
86+ '''Initialize the capabilities database. This needs to be called
87+ before accessing the database.'''
88+
89+ # Only initialize if not initialized already
90+ if self.caps != None:
91+ return
92+
93 self.caps = {}
94 self.caps['limit'] = {}
95
96@@ -78,14 +89,20 @@
97 # Try to get capabilities from the running system if root
98 if self.do_checks and os.getuid() == 0 and not self.dryrun:
99 # v4
100- nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
101+ try:
102+ nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
103+ except OSError as e:
104+ error("initcaps\n%s" % e)
105 if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
106 self.caps['limit']['4'] = True
107 else:
108 self.caps['limit']['4'] = False
109
110 # v6
111- nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
112+ try:
113+ nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
114+ except OSError as e:
115+ error("initcaps\n%s" % e)
116 if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
117 self.caps['limit']['6'] = True
118 else:
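Review bot: In `initcaps()`, `self.caps` is set to `{}` before the netfilter probe runs, so the guard `if self.caps != None: return` treats a partly filled database as initialized. That matters if a probe fails and the process survives, for example when a caller catches the exit: a later call returns early with `self.caps['limit']['4']` or `['6']` never set. Both `except OSError` branches also fall through to `if 'recent-set' in nf_caps`, which is safe only if `error()` never returns. The hunk does not show that, so add a bare `raise` after each `error("initcaps\n%s" % e)` or state the assumption in a comment. Consider building the result in a local dict and assigning `self.caps` as the last statement, and write the guard as `if self.caps is not None:`. The body of `initcaps()` continues outside this hunk.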