|
Enhancements/Bugs closed WW13!
Stephen Jolley
All,
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Current high bug count owners for Yocto Project 3.5
Stephen Jolley
All,
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Yocto Project Newcomer & Unassigned Bugs - Help Needed
Stephen Jolley
All,
The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading: https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project. If anyone can help, please take ownership of the bug and send patches! If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.
Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 400 unassigned or newcomer bugs.
We're hoping people may be able to spare some time now and again to help out with these. Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system. There are also roughly four different "priority" classes right now, “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.5" and then “3.6”.
Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account). The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs
Thanks,
Stephen K. Jolley Yocto Project Program Manager ( Cell: (208) 244-4460 * Email: sjolley.yp.pm@...
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
psplash: Wrong spashscreen resolution in case of two displays with different resolution
Vasyl Vavrychuk
Hi,
In my system I have two displays (virtual) with different resolution first: 1080x1920 (portrait orientation) second: 640x720 When psplash is run, it shows boot animation with resolution 640x720 on the first display too: +-----------+-----+ | | | | psplash | | | | | | | | +-----------+ | | | | | | Display 1 | | | | | +-----------------+ +-----------+ | | | psplash | | Display 2 | | | +-----------+ Can we achieve 1080x1920 resolution on Display 1? I worth case I don't need boot animation on display 2. Is DRM/KMS backend needed for that? Kind regards, Vasyl
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: QA notification for completed autobuilder build (yocto-3.4.3.rc1)
Teoh, Jay Shen
Hello everyone,
toggle quoted messageShow quoted text
This is the full report for yocto-3.4.3.rc3: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults ======= Summary ======== No high milestone defects. No new issue found. Thanks, Jay
-----Original Message-----
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: firewalld isssue
#yocto
Nicolas Jeker
On Sun, 2022-03-27 at 23:39 -0700, sateesh m wrote:
Hi Team,Judging by this stack exchange thread[1] from a quick search, you might be missing the appropriate kernel configs[2]. [1]: https://unix.stackexchange.com/questions/632113 [2]: https://wiki.gentoo.org/wiki/Nftables#Kernel
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Nicolas Jeker
On Thu, 2022-03-24 at 18:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote: If you look at the source for cve-update-db-native.bb[1], you see how the URLs are being generated. It tries to send requests to the following URLs (if you didn't change NVDCVE_URL): https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{YEAR}.meta https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-{YEAR}.json.gz Where {YEAR} is every year from 2002 up until the current year + 1. I suspect you might be behind a corporate firewall which does deep inspection and replaces the certificates, but that's just a guess. [1]: https://git.yoctoproject.org/poky/tree/meta/recipes-core/meta/cve-update-db-native.bb response.read().decode("utf-8").splitlines():
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
firewalld isssue
#yocto
sateesh m
Hi Team,
I have built a custom image core-image-base on riscv target machine installed nftables,firewalld,JSON packages support. I am using firewalld_0.9.3 sources depends nftables-python is present. But I am getting error python-nftables. Can you please guide me on what dependent I missed here? If suppose firewalld should work means, What packages should I install? But while running firewalld status is always failed mode. Using $firewall-cmd --reload I am facing a problem Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -290}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT", "type": "filter", "hook": "input", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD", "type": "filter", "hook": "forward", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT", "type": "filter", "hook": "output", "prio": 10}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_IN_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "index": 0, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "index": 2, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"goto": {"target": "filter_IN_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"goto": {"target": "filter_FWDO_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"goto": {"target": "filter_FWDI_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto": {"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_POLICIES_pre", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-solicit"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-router-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-redirect"}}, {"accept": null}]}}}]}
-- Regards, Sateesh
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
firewalld isssue
#yocto
sateesh m
Hi Team,
I have built a custom image core-image-base with nftables,firewalld,json packages support. I am using firewalld_0.9.3 sources depends nftables-python is present. But I am getting error python-nftables. Can you please guide me on what dependent I missed here? If suppose firewalld should work means, What packages should I install? But while running firewalld status is always failed mode. Using $firewall-cmd --reload I am facing a problem Error: COMMAND_FAILED: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: No such file or directory
JSON blob:
{"nftables": [{"metainfo": {"json_schema_version": 1}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "raw_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -290}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING", "type": "filter", "hook": "prerouting", "prio": -140}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING", "expr": [{"jump": {"target": "mangle_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING", "type": "nat", "hook": "prerouting", "prio": -90}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PREROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING", "expr": [{"jump": {"target": "nat_PREROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING", "type": "nat", "hook": "postrouting", "prio": 110}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_pre"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_ZONES"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_ZONES"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POSTROUTING_POLICIES_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING", "expr": [{"jump": {"target": "nat_POSTROUTING_POLICIES_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT", "type": "filter", "hook": "input", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD", "type": "filter", "hook": "forward", "prio": 10}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT", "type": "filter", "hook": "output", "prio": 10}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_INPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"jump": {"target": "filter_INPUT_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["established", "related"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "status"}}, "op": "in", "right": "dnat"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"meta": {"key": "iifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_IN_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_IN_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_OUT_ZONES"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_OUT_ZONES"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FORWARD_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"jump": {"target": "filter_FORWARD_POLICIES_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["invalid"]}}}, {"drop": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "expr": [{"reject": {"type": "icmpx", "expr": "admin-prohibited"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"match": {"left": {"meta": {"key": "oifname"}}, "op": "==", "right": "lo"}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_pre"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_pre"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_OUTPUT_POLICIES_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "expr": [{"jump": {"target": "filter_OUTPUT_POLICIES_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"fib": {"flags": ["saddr", "iif"], "result": "oif"}}, "op": "==", "right": false}}, {"drop": null}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "raw_PREROUTING", "expr": [{"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": {"set": ["nd-router-advert", "nd-neighbor-solicit"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_OUTPUT", "index": 0, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD", "index": 2, "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"set": [{"prefix": {"addr": "::0.0.0.0", "len": 96}}, {"prefix": {"addr": "::ffff:0.0.0.0", "len": 96}}, {"prefix": {"addr": "2002:0000::", "len": 24}}, {"prefix": {"addr": "2002:0a00::", "len": 24}}, {"prefix": {"addr": "2002:7f00::", "len": 24}}, {"prefix": {"addr": "2002:ac10::", "len": 28}}, {"prefix": {"addr": "2002:c0a8::", "len": 32}}, {"prefix": {"addr": "2002:a9fe::", "len": 32}}, {"prefix": {"addr": "2002:e000::", "len": 19}}]}}}, {"reject": {"type": "icmpv6", "expr": "addr-unreachable"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "expr": [{"jump": {"target": "filter_IN_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "tcp", "field": "dport"}}, "op": "==", "right": 22}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public_allow", "expr": [{"match": {"left": {"payload": {"protocol": "ip6", "field": "daddr"}}, "op": "==", "right": {"prefix": {"addr": "fe80::", "len": 64}}}}, {"match": {"left": {"payload": {"protocol": "udp", "field": "dport"}}, "op": "==", "right": 546}}, {"match": {"left": {"ct": {"key": "state"}}, "op": "in", "right": {"set": ["new", "untracked"]}}}, {"accept": null}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDO_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDO_public", "expr": [{"jump": {"target": "filter_FWDO_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_POST_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POST_public", "expr": [{"jump": {"target": "nat_POST_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_FWDI_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "expr": [{"jump": {"target": "filter_FWDI_public_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_public_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_public", "expr": [{"jump": {"target": "nat_PRE_public_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_public_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_public", "expr": [{"jump": {"target": "mangle_PRE_public_post"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FWDI_public", "index": 4, "expr": [{"match": {"left": {"meta": {"key": "l4proto"}}, "op": "==", "right": {"set": ["icmp", "icmpv6"]}}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_ZONES", "expr": [{"goto": {"target": "filter_IN_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_OUT_ZONES", "expr": [{"goto": {"target": "filter_FWDO_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_POSTROUTING_ZONES", "expr": [{"goto": {"target": "nat_POST_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_FORWARD_IN_ZONES", "expr": [{"goto": {"target": "filter_FWDI_public"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_ZONES", "expr": [{"goto": {"target": "nat_PRE_public"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_ZONES", "expr": [{"goto": {"target": "mangle_PRE_public"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "filter_IN_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "ip6", "table": "firewalld", "name": "nat_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6_post"}}]}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_pre"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_log"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_deny"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_allow"}}}, {"add": {"chain": {"family": "inet", "table": "firewalld", "name": "mangle_PRE_policy_allow-host-ipv6_post"}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_pre"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_log"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_deny"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_allow"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PRE_policy_allow-host-ipv6", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6_post"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_INPUT_POLICIES_pre", "expr": [{"jump": {"target": "filter_IN_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "ip6", "table": "firewalld", "chain": "nat_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "nat_PRE_policy_allow-host-ipv6"}}]}}}, {"insert": {"rule": {"family": "inet", "table": "firewalld", "chain": "mangle_PREROUTING_POLICIES_pre", "expr": [{"jump": {"target": "mangle_PRE_policy_allow-host-ipv6"}}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-neighbor-solicit"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-router-advert"}}, {"accept": null}]}}}, {"add": {"rule": {"family": "inet", "table": "firewalld", "chain": "filter_IN_policy_allow-host-ipv6_allow", "expr": [{"match": {"left": {"meta": {"key": "nfproto"}}, "op": "==", "right": "ipv6"}}, {"match": {"left": {"payload": {"protocol": "icmpv6", "field": "type"}}, "op": "==", "right": "nd-redirect"}}, {"accept": null}]}}}]}
-- Regards, Sateesh
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[meta-security][PATCH] openscap-daemon: inherit python_setuptools_build_meta
Chen Qi
setuptools_build_meta has been renamed to python_setuptools_build_meta.
Signed-off-by: Chen Qi <Qi.Chen@...> --- .../recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb index cf6d531..9659323 100644 --- a/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb +++ b/meta-security-compliance/recipes-openscap/openscap-daemon/openscap-daemon_0.1.10.bb @@ -13,7 +13,7 @@ SRC_URI = "git://github.com/OpenSCAP/openscap-daemon.git;branch=master;protocol= file://0001-Renamed-module-and-variables-to-get-rid-of-async.patch \ " -inherit setuptools_build_meta +inherit python_setuptools_build_meta S = "${WORKDIR}/git" -- 2.33.0
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Monsees, Steven C (US)
Thanks Tim, subscribed…
From: Tim Orling <ticotimo@...>
Sent: Thursday, March 24, 2022 9:03 PM To: Richard Purdie <richard.purdie@...> Cc: Monsees, Steven C (US) <steven.monsees@...>; yocto@... Subject: Re: [yocto] CVE patch updates
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
Steven, if you haven’t already, you should subscribe to
Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.
This is mostly a community effort. There is no special dedicated squad of security champions.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Monsees, Steven C (US)
Thanks Richard, will do…
From: Tim Orling <ticotimo@...>
Sent: Thursday, March 24, 2022 9:03 PM To: Richard Purdie <richard.purdie@...> Cc: Monsees, Steven C (US) <steven.monsees@...>; yocto@... Subject: Re: [yocto] CVE patch updates
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
Steven, if you haven’t already, you should subscribe to
Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.
This is mostly a community effort. There is no special dedicated squad of security champions.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
bus service inactive issue
#yocto
sateesh m
Hi Team,
I am trying to start service dbus. I have built an image on riscv target machine. I want to access firewalld , firewalld service is running but dbus-deamon service also should be start to get a client response. I have built packages using gatesgarth branch systemd,dbus, firewalld installed. But facing problems. So natively installed systemd,dbus,dbus-broker but still service is inactive state only using systemctl I am trying to start services. issue : aded: loaded ([]8;;file://Unmatched-2.0.2/lib/systemd/system/dbus-broker.serviceG/lib/systemd/system/dbus-broker.service[]8;;G; enabled; vendor preset: enable
d)
Active: inactive (dead)
TriggeredBy: ○ dbus.socket
Docs: []8;;man:dbus-broker-launch(1)Gman:dbus-broker-launch(1)[]8;;G
Thanking you in advance. -- Regards, Sateesh
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: QA notification for completed autobuilder build (yocto-3.4.3.rc1)
Teoh, Jay Shen
Hi all,
toggle quoted messageShow quoted text
Intel and WR YP QA is planning for QA execution for YP build yocto-3.4.3.rc3. We are planning to execute following tests for this cycle: Please note that this is the rc3 build for 3.4.3, the rc number was marked to rc1 by mistake. OEQA-manual tests for following module: 1. OE-Core 2. BSP-hw Runtime auto test for following platforms: 1. MinnowTurbot 32-bit 2. Coffee Lake 3. NUC 7 4. NUC 6 5. Edgerouter 6. Beaglebone ETA for completion next Monday, March 28. Thanks, Jay
-----Original Message-----
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Tim Orling
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote: On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via Steven, if you haven’t already, you should subscribe to Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it. This is mostly a community effort. There is no special dedicated squad of security champions.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: [qa-build-notification] QA notification for completed autobuilder build (yocto-3.4.3.rc2)
Teoh, Jay Shen
Noted. We will stop the QA for rc2.
toggle quoted messageShow quoted text
Thanks, Jay
-----Original Message-----
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OpenEmbedded Happy Hour March 30 5pm/1700 UTC
Denys Dmytriyenko
All,
You are cordially invited to the next OpenEmbedded Happy Hour on March 30 for Europe/Americas timezones @ 1700/5pm UTC (1pm ET / 10am PT): https://www.openembedded.org/wiki/Calendar https://www.openembedded.org/wiki/Happy_Hours https://www.timeanddate.com/worldclock/fixedtime.html?msg=OpenEmbedded+Happy+Hour+March+30&iso=20220330T17 -- Regards, Denys Dmytriyenko <denis@...> PGP: 0x420902729A92C964 - https://denix.org/0x420902729A92C964 Fingerprint: 25FC E4A5 8A72 2F69 1186 6D76 4209 0272 9A92 C964
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Richard Purdie
On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org wrote: You'll see output of cve-check on the yocto-security list for layers that are still in maintenance: https://lists.yoctoproject.org/g/yocto-security/messages although zeus is out of maintenance. We merge CVE fixes to the branches that are in maintenance. A graph showing the data over time: https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive Cheers, Richard
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Monsees, Steven C (US)
So, my only change to my build is the INHERIT =+ “cve-check”… No issue seen until this line added…
Can someone tell me why when I build from scratch, clean, I see the following error ? Who’s certificate failure is being flagged ?
Initialising tasks: 100% |#######################################################################################| Time: 0:00:04 Checking sstate mirror object availability: 100% |###############################################################| Time: 0:00:00 Sstate summary: Wanted 2258 Found 2229 Missed 29 Current 0 (98% match, 0% complete) NOTE: Executing Tasks NOTE: Setscene tasks completed ERROR: cve-update-db-native-1.0-r0 do_populate_cve_db: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was: File: 'exec_python_func() autogenerated', lineno: 2, function: <module> 0001: *** 0002:do_populate_cve_db(d) 0003: File: '/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 69, function: do_populate_cve_db 0065: meta_url = year_url + ".meta" 0066: json_url = year_url + ".json.gz" 0067: 0068: # Retrieve meta last modified date *** 0069: response = urllib.request.urlopen(meta_url) 0070: if response: 0071: for l in response.read().decode("utf-8").splitlines(): 0072: key, value = l.split(":", 1) 0073: if key == "lastModifiedDate": File: '/usr/lib64/python3.6/urllib/request.py', lineno: 223, function: urlopen 0219: elif _opener is None: 0220: _opener = opener = build_opener() 0221: else: 0222: opener = _opener *** 0223: return opener.open(url, data, timeout) 0224: 0225:def install_opener(opener): 0226: global _opener 0227: _opener = opener File: '/usr/lib64/python3.6/urllib/request.py', lineno: 526, function: open 0522: for processor in self.process_request.get(protocol, []): 0523: meth = getattr(processor, meth_name) 0524: req = meth(req) 0525: *** 0526: response = self._open(req, data) 0527: 0528: # post-process response 0529: meth_name = protocol+"_response" 0530: for processor in self.process_response.get(protocol, []): File: '/usr/lib64/python3.6/urllib/request.py', lineno: 544, function: _open 0540: return result 0541: 0542: protocol = req.type 0543: result = self._call_chain(self.handle_open, protocol, protocol + *** 0544: '_open', req) 0545: if result: 0546: return result 0547: 0548: return self._call_chain(self.handle_open, 'unknown', File: '/usr/lib64/python3.6/urllib/request.py', lineno: 504, function: _call_chain 0500: # could. Otherwise, they return the response. 0501: handlers = chain.get(kind, ()) 0502: for handler in handlers: 0503: func = getattr(handler, meth_name) *** 0504: result = func(*args) 0505: if result is not None: 0506: return result 0507: 0508: def open(self, fullurl, data=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT): File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1392, function: https_open 1388: self._check_hostname = check_hostname 1389: 1390: def https_open(self, req): 1391: return self.do_open(http.client.HTTPSConnection, req, *** 1392: context=self._context, check_hostname=self._check_hostname) 1393: 1394: https_request = AbstractHTTPHandler.do_request_ 1395: 1396: __all__.append('HTTPSHandler') File: '/usr/lib64/python3.6/urllib/request.py', lineno: 1351, function: do_open 1347: try: 1348: h.request(req.get_method(), req.selector, req.data, headers, 1349: encode_chunked=req.has_header('Transfer-encoding')) 1350: except OSError as err: # timeout error *** 1351: raise URLError(err) 1352: r = h.getresponse() 1353: except: 1354: h.close() 1355: raise Exception: urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)>
ERROR: Logfile of failure stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/work/x86_64-linux/cve-update-db-native/1.0-r0/temp/log.do_populate_cve_db.4499 ERROR: Task (/disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_populate_cve_db) failed with exit code '1' NOTE: Tasks Summary: Attempted 5772 tasks of which 5228 didn't need to be rerun and 1 failed.
Summary: 1 task failed: /disk0/scratch/smonsees/yocto/workspace_1/poky/meta/recipes-core/meta/cve-update-db-native.bb:do_populate_cve_db Summary: There was 1 ERROR message shown, returning a non-zero exit code. 14:41 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>find . -name '_ssl.c' -print 14:47 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
From: yocto@... <yocto@...>
On Behalf Of Monsees, Steven C (US) via lists.yoctoproject.org
Sent: Thursday, March 24, 2022 2:00 PM To: yocto@... Subject: Re: [yocto] CVE patch updates
When building in cve-check to see what is reported, it generated all blank/empty report files… Can someone explain this ?, my local.conf does have the proper modification (INHERIT += “cve-check”).
10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full Parsing recipes: 100% |#############################################################################################| Time: 0:01:07 Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors. NOTE: Resolving any missing task queue dependencies
Build Configuration: BB_VERSION = "1.44.0" BUILD_SYS = "x86_64-linux" NATIVELSBSTRING = "rhel-7.9" TARGET_SYS = "x86_64-poky-linux" MACHINE = "sbca-default" DISTRO = "limws" DISTRO_VERSION = "3.0.4" TUNE_FEATURES = "m64 corei7" TARGET_FPU = "" meta meta-poky = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42" meta-perl meta-python meta-filesystems meta-networking meta-initramfs meta-oe = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b" meta-virtualization = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4" meta = "master:a32ddd2b2a51b26c011fa50e441df39304651503" meta-clang = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9" meta-intel = "zeus:d9942d4c3a710406b051852de7232db03c297f4e" meta-intel = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"
Initialising tasks: 100% |##########################################################################################| Time: 0:00:04 Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02 Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete) NOTE: Executing Tasks NOTE: Setscene tasks completed Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve -rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve 13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve -rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve 13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l total 0 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils -rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native 13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>
From: Monsees, Steven C (US)
I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?
Is there a yocto page somewhere that goes over this side of things ?, I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).
Thanks, Steve
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Re: CVE patch updates
Monsees, Steven C (US)
When building in cve-check to see what is reported, it generated all blank/empty report files… Can someone explain this ?, my local.conf does have the proper modification (INHERIT += “cve-check”).
10:55 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default> bitbake -k sbca-defaultfs-full Parsing recipes: 100% |#############################################################################################| Time: 0:01:07 Parsing of 2555 .bb files complete (0 cached, 2555 parsed). 3769 targets, 96 skipped, 0 masked, 0 errors. NOTE: Resolving any missing task queue dependencies
Build Configuration: BB_VERSION = "1.44.0" BUILD_SYS = "x86_64-linux" NATIVELSBSTRING = "rhel-7.9" TARGET_SYS = "x86_64-poky-linux" MACHINE = "sbca-default" DISTRO = "limws" DISTRO_VERSION = "3.0.4" TUNE_FEATURES = "m64 corei7" TARGET_FPU = "" meta meta-poky = "my_yocto_3.0.4:2f9bca440204f9e73158705a4ec04698b1f6ad42" meta-perl meta-python meta-filesystems meta-networking meta-initramfs meta-oe = "zeus:2b5dd1eb81cd08bc065bc76125f2856e9383e98b" meta-virtualization = "zeus:7e5219669ff6f8e9c8c33ffd230e95a6b2b025f4" meta = "master:a32ddd2b2a51b26c011fa50e441df39304651503" meta-clang = "zeus:f5355ca9b86fb5de5930132ffd95a9b352d694f9" meta-intel = "zeus:d9942d4c3a710406b051852de7232db03c297f4e" meta-intel = "LIMWSSWARE-682-oews-meta-bae-clean-up:99f116056452f1fefe83fe458f533b48f52fe4ba"
Initialising tasks: 100% |##########################################################################################| Time: 0:00:04 Checking sstate mirror object availability: 100% |##################################################################| Time: 0:00:02 Sstate summary: Wanted 2258 Found 15 Missed 2243 Current 0 (0% match, 0% complete) NOTE: Executing Tasks NOTE: Setscene tasks completed Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve Image CVE report stored in: /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve NOTE: Tasks Summary: Attempted 6753 tasks of which 77 didn't need to be rerun and all succeeded.
13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve -rw-r--r--. 1 smonsees none 0 Mar 24 13:16 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/core-image-minimal-initramfs-sbca-default-20220324145629.rootfs.cve 13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>ls -l /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve -rw-r--r--. 1 smonsees none 0 Mar 24 13:17 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/images/sbca-default/aiox_orange-sbca-default-20220324145629.rootfs.cve 13:33 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default>
13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>ls -l total 0 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 binutils-cross-x86_64 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 binutils-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 bluez5 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 boost -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 cairo -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 cairo-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:16 cpio-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 curl -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 curl-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 dbus-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 e2fsprogs-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 file-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 flex -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 flex-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 gcc-source-9.2.0 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 gettext-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glib-2.0 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 glib-2.0-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 glibc -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 gnutls -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-cross-corei7-64 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 go-runtime -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 icu-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 libarchive-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 libgcrypt -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libjpeg-turbo-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre -rw-rw-r--. 1 smonsees none 0 Mar 24 13:12 libpcre2 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libpcre-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxml2-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 libxslt-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 mailx -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 nasm-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 ncurses-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 nfs-utils -rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 openssh -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 patch-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 perl -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 perl-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 python3-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 qemu-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:14 rsync -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3 -rw-rw-r--. 1 smonsees none 0 Mar 24 13:06 sqlite3-native -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sudo -rw-rw-r--. 1 smonsees none 0 Mar 24 13:13 sysstat -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip -rw-rw-r--. 1 smonsees none 0 Mar 24 13:05 unzip-native 13:27 smonsees@yix465383 /disk0/scratch/smonsees/yocto/workspace_1/builds2/sbca-default/tmp/deploy/cve>
From: Monsees, Steven C (US)
Sent: Thursday, March 24, 2022 12:56 PM To: yocto@... Subject: CVE patch updates
I am currently building in cve-check to see what is reported, and I was curious if Yocto might provide any CVE based patch repositories ?
Is there a yocto page somewhere that goes over this side of things ?, I did not see much in the mega-manual… I am running on zeus based platforms (for both armarch64 and x86_64).
Thanks, Steve
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|