File 0005-systemd-fix-a-race-condition-in-the-_init-service-bnc-1014987.patch of Package SuSEfirewall2.5243
From 5de6b1d87e44ce84db50ce172edd68ac5cf3a43d Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Tue, 21 Mar 2017 12:58:16 +0100
Subject: [PATCH] systemd: fix a race condition in the _init service (bsc#1014987)
As suggested in the bug report I've added further requirements to the
systemd unit for the init service. Also I've switched the mktemp call to
use /dev/shm instead of /tmp which should allow the service to be
executed earlier and doesn't rely on an r/w /tmp.
cherry pick from master.
---
SuSEfirewall2-batch | 4 ++--
SuSEfirewall2_init.service | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/SuSEfirewall2-batch b/SuSEfirewall2-batch
index 301d50f..f25a2aa 100644
--- a/SuSEfirewall2-batch
+++ b/SuSEfirewall2-batch
@@ -33,7 +33,7 @@ check_iptables_batch()
# override iptables calls with shell function if in batch mode
if [ -n "$USE_IPTABLES_BATCH" ]; then
- iptables_batchfile=`mktemp -t SuSEfirewall2_iptables.XXXXXXXX` || exit 1
+ iptables_batchfile=`mktemp -p /dev/shm -t SuSEfirewall2_iptables.XXXXXXXX` || exit 1
removeonexit "$iptables_batchfile"
exec 4> "$iptables_batchfile"
echo "#!$IPTABLES_BATCH" >&4
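Review bot: Combining `-p /dev/shm` with `-t` on the new `mktemp` line does not pin the directory. Under GNU mktemp the deprecated `-t` prefers `$TMPDIR` when it is set and only falls back to the `-p` directory otherwise, so a run with TMPDIR in the environment (for example a manual start from an admin shell) still creates the batch file outside /dev/shm. Dropping `-t` gives the behaviour the commit message describes: `iptables_batchfile=$(mktemp -p /dev/shm SuSEfirewall2_iptables.XXXXXXXX) || exit 1`. The `ip6tables_batchfile` line in the next hunk needs the same change. Since `|| exit 1` ends the script silently, a short message on stderr before exiting would also make a missing /dev/shm diagnosable in the journal; the `if` block continues past the end of this hunk.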
@@ -44,7 +44,7 @@ check_iptables_batch()
for i in "$@"; do echo -n " \"$i\""; done >&4
echo >&4
}
- ip6tables_batchfile=`mktemp -t SuSEfirewall2_ip6tables.XXXXXXXX` || exit 1
+ ip6tables_batchfile=`mktemp -p /dev/shm -t SuSEfirewall2_ip6tables.XXXXXXXX` || exit 1
removeonexit "$ip6tables_batchfile"
exec 6> "$ip6tables_batchfile"
echo "#!$IP6TABLES_BATCH" >&6
diff --git a/SuSEfirewall2_init.service b/SuSEfirewall2_init.service
index 8f76279..65398e7 100644
--- a/SuSEfirewall2_init.service
+++ b/SuSEfirewall2_init.service
@@ -1,6 +1,8 @@
[Unit]
Description=SuSEfirewall2 phase 1
Before=network.service
+After=sysinit.target
+RequiresMountsFor=/dev/shm
[Service]
ExecStart=/usr/sbin/SuSEfirewall2 boot_init
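Review bot: `RequiresMountsFor=/dev/shm` is needed only because SuSEfirewall2-batch now hard-codes /dev/shm in its mktemp calls, and nothing in the unit records that coupling. A later change to either file could quietly bring back the boot-time failure of the phase 1 firewall setup. A comment above the two added lines would document it, e.g. `# SuSEfirewall2-batch creates its iptables batch files in /dev/shm (bsc#1014987)`. Separately, the [Unit] section shown here does not set `DefaultDependencies=no`, so systemd's default dependencies should already order this service after sysinit.target. It is worth confirming whether `After=sysinit.target` changes anything or whether the mount requirement alone closes the race.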
--
2.10.2