m

2025-10-31 21:56:08 +02:00 · 2025-02-12 23:23:00 +03:00 · 2025-02-12 23:23:00 +03:00 · 865f342d78
--- a/os/unix/admin/security/selinux/config.txt
+++ b/os/unix/admin/security/selinux/config.txt
@ -6,3 +6,8 @@ SELINUX=disabled

 ????
 /etc/selinux/semanage.conf
+
+$ rpm -qf /etc/selinux/semanage.conf
+libsemanage-3.7-2.fc41.x86_64
+$ rpm -qf /etc/selinux/config
+selinux-policy-41.32-1.fc41.noarch
--- a/pages/fw.txt
+++ b/pages/fw.txt
@ -1,10 +1,69 @@
+$ sudo dnf install selinux-policy
+
 python3-firewall-2.1.4-2.fc40.noarch

+?
+https://cyberchaos.dev/e1mo/nixfiles/-/blob/2a395103cfde4d70c3670c5a51538cd9d0c254cb/modules/nftables/default.nix
+https://code.mayfirst.org/mfmt/bruce/-/blob/master/bruce_banner.py
+    nft --check
+https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/thread/VSV4C24PFCMFWV2BPRRIGNYICLDXPHZR/
+    --- a/contrib/systemd/osmo-upf.service
+    +++ b/contrib/systemd/osmo-upf.service
+    @@ -12,6 +12,7 @@
+     Group=osmocom
+     ExecStart=/usr/bin/osmo-upf -c /etc/osmocom/osmo-upf.cfg
+     RestartSec=2
+    +AmbientCapabilities=CAP_NET_ADMIN
+ 
+???
+nft --debug all flush ruleset
+???
+Conflicts=iptables.service ip6tables.service ebtables.service ipset.service nftables.service
+
 sudo vi /usr/lib/python3.12/site-packages/firewall/core/fw.py
 line 583, in _start_apply_objects
+class Firewall:
+    ...
+    def _start_apply_objects(self, reload = False, complete_reload = False):
+        ...
        transaction = FirewallTransaction(self) 
        ...
+        self.apply_default_tables(use_transaction = transaction)
        transaction.execute(True)   # !!!
+    ...
+    def apply_default_tables(self, use_transaction = None):
+        ...
+        transaction = use_transaction
+        ...
+        for backend in self.enabled_backends():
+            transaction.add_rules(backend, backend.build_default_tables())    # ???
+
+
+sudo vi /usr/lib/python3.12/site-packages/firewall/core/fw_transaction.py
+line 117, in execute
+    raise FirewallError(errors.COMMAND_FAILED, errorMsg)  # !!!
+    ...
+class FirewallTransaction:
+    ...
+    def execute(self, enable):
+        ...
+        rules = self.rules
+        ...
+        error = False
+        errorMsg = ""
+        ...
+        for backend_name in rules:
+            try:
+                self.fw.rules(backend_name, rules[backend_name])
+            except Exception as msg:
+                error = True
+                errorMsg = msg
+                log.debug1(traceback.format_exc())
+                log.error(msg
+        ...
+        if error:
+            ...
+            raise FirewallError(errors.COMMAND_FAILED, errorMsg)

 $ sudo systemctl status firewalld
 ○ firewalld.service - firewalld - dynamic firewall daemon