ben79
(Ben Bullard)
June 1, 2018, 6:15pm
1
Today in Main-testing repo our busy developers have released new kernel, kernel-firmware, microcode-intel, and radeon-firmware packages. These are important security updates as well as adding new features.
# urpmi --auto-update
...
(medium "MAIN-TESTING")
busybox-static 1.28.4 1 omv 2015.0 x86_64
cpupower 4.16.13 1 omv 2015.0 x86_64
iwlwifi-agn-ucode 20180531 1 omv 2015.0 noarch
kernel-firmware 20180531 1 omv 2015.0 noarch
kernel-firmware-extra 20180531 1 omv 2015.0 noarch
kernel-release-desktop-4.16.13-1omv 1 1 omv 2015.0 x86_64
kernel-release-desktop-latest 4.16.13 1 omv 2015.0 x86_64
microcode-intel 20180425 1 omv 2015.0 noarch
radeon-firmware 20180531 1 omv 2015.0 noarch
We need to get these tested and published to Main-updates repo as soon as possible for benefit of all of our users.
If interested more on kernel 4.16.x here .
ben79
(Ben Bullard)
June 1, 2018, 7:33pm
2
Edit: Tested in both VBox and on hardware.
There appears to be an issue with kernel 4.16.13 booting. On every boot I get this:
A start job is running for firewalld - dynamic firewall daemon ( / X min XX sec)
I put the X’s for the time because that timeout time is different on every boot (which seems very odd itself). But this is adding a minimum of 1 and 1/2 minutes to every single boot with this kernel version. Booting with previous kernel 4.15.18 results in no delay or issue.
Otherwise so far the kernel 4.16.13 appears working but it is early in the testing process.
ben79
(Ben Bullard)
June 1, 2018, 11:38pm
3
All-right lets get the Linux monkey to gather some logs for developers:
dmesg.txt (46.3 KB)
firewalld-status.txt (809 Bytes)
ben79
(Ben Bullard)
June 1, 2018, 11:42pm
4
ben79
(Ben Bullard)
June 1, 2018, 11:44pm
5
So firewalld was not started (timed out):
$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: failed (Result: timeout) since Fri 2018-06-01 18:31:25 CDT; 10min ago
Docs: man:firewalld(1)
Process: 2160 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=killed, signal=TERM)
Main PID: 2160 (code=killed, signal=TERM)
Jun 01 18:29:55 ben79-pc systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 01 18:31:25 ben79-pc systemd[1]: firewalld.service: Start operation timed out. Terminating.
Jun 01 18:31:25 ben79-pc systemd[1]: firewalld.service: Failed with result 'timeout'.
Jun 01 18:31:25 ben79-pc systemd[1]: Failed to start firewalld - dynamic firewall daemon.
But then firewalld does start manually after boot:
$ systemctl start firewalld.service
$ systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-06-01 18:43:29 CDT; 5s ago
Docs: man:firewalld(1)
Main PID: 3513 (firewalld)
Tasks: 2 (limit: 4654)
Memory: 29.1M
CGroup: /system.slice/firewalld.service
└─3513 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Jun 01 18:43:29 ben79-pc systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 01 18:43:29 ben79-pc systemd[1]: Started firewalld - dynamic firewall daemon.
ben79
(Ben Bullard)
June 1, 2018, 11:55pm
6
Output of ‘systemctl show start firewalld.service’:
show-start-firewalld.txt (19.5 KB)
ben79
(Ben Bullard)
June 2, 2018, 5:24pm
7
Working with crazy at #open-mandriva (that is where the action is) we have found that:
man-db.service is broken
ip6tables.service is broken
either firewall.d.service needs to be changer OR something in networking needs to be changed.
ALSO:
smb.service = started by default in OM Lx 3, probably should not be
and
nmb.service = started by default in OM Lx 3, probably should not be
and
ben79
(Ben Bullard)
June 2, 2018, 5:29pm
8
A patch/workaround for firewalld.service 1 and 1/2 minute or longer boot delay:
Edit ‘/lib/systemd/system/firewalld.service’ thus:
[Unit]
Description=firewalld - dynamic firewall daemon
# Before=network-pre.target
# Wants=network-pre.target
After=dbus.service
After=polkit.service
After=NetworkManager.service
Conflicts=iptables.service ip6tables.service ebtables.service ipset.service
Documentation=man:firewalld(1)
[Service]
EnvironmentFile=-/etc/sysconfig/firewalld
ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS
ExecReload=/bin/kill -HUP $MAINPID
# supress to log debug and error output also to /var/log/messages
StandardOutput=null
StandardError=null
Type=dbus
BusName=org.fedoraproject.FirewallD1
KillMode=mixed
[Install]
WantedBy=multi-user.target
Alias=dbus-org.fedoraproject.FirewallD1.service
These changes are made to the first section of the file under ‘[Unit]’. What we have changed is to comment out these 2 lines:
# Before=network-pre.target
# Wants=network-pre.target
and adding one line after the line ‘After=polkit.service’ like this:
After=polkit.service
After=NetworkManager.service
The end result should be like the file posted above.