From c29388bf028d404066e46ea55abc4058abce4078 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Tue, 3 Jun 2014 08:58:20 +0200
Subject: [PATCH] firewall: fix ZONE_CONFLICT when adding firewall interface to zone

Firewalld call addInterface() fails with ZONE_CONFLICT if the interface is already part of another zone. This complicates the code in NM, because we would have to keep better track of the zone in which the interface currently is. Which might be quite difficult because the zone might be changed from an external program (so we would have to monitor the firewall configuration and work around potential races). A better and simpler fix is to simply always use the changeZone() call. This will do the right thing, regardless if the interface is already part of a zone or not.

https://bugzilla.redhat.com/show_bug.cgi?id=1103782

Signed-off-by: Thomas Haller
---
 src/devices/nm-device.c | 6 +++---
 src/nm-policy.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 0cee808a27..c4fd15a12a 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -4010,7 +4010,7 @@ out:
 static void
-fw_add_to_zone_cb (GError *error, gpointer user_data)
+fw_change_zone_cb (GError *error, gpointer user_data)
 {
 NMDevice *self = NM_DEVICE (user_data);
 NMDevicePrivate *priv = NM_DEVICE_GET_PRIVATE (self);
@@ -4059,8 +4059,8 @@ nm_device_activate_schedule_stage3_ip_config_start (NMDevice *self)
 priv->fw_call = nm_firewall_manager_add_or_change_zone (priv->fw_manager,
 nm_device_get_ip_iface (self),
 zone,
- TRUE,
- fw_add_to_zone_cb,
+ FALSE,
+ fw_change_zone_cb,
 self);
 }
diff --git a/src/nm-policy.c b/src/nm-policy.c
index 90cb13af8e..c85f3217d3 100644
--- a/src/nm-policy.c
+++ b/src/nm-policy.c
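Review bot: The `FALSE` now passed in nm_device_activate_schedule_stage3_ip_config_start (src/devices/nm-device.c) has no comment explaining that the call always goes through changeZone(). Going by the commit message, that presumably means an interface which an administrator or another program placed in a different zone is moved into the connection's zone without any conflict being reported. Because the zone selects the filtering policy applied to the interface, the override should be stated at the call site, e.g. `FALSE, /* always changeZone(): deliberately overrides a zone set outside NM */`, and a log line naming the interface and target zone would make the move auditable. The body of fw_change_zone_cb lies outside the hunk, so how a failed call is handled cannot be checked from here.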
@@ -1886,7 +1886,7 @@ firewall_started (NMFirewallManager *manager,
 nm_firewall_manager_add_or_change_zone (priv->fw_manager,
 nm_device_get_ip_iface (dev),
 nm_setting_connection_get_zone (s_con),
- TRUE, /* add zone */
+ FALSE, /* still change zone */
 add_or_change_zone_cb,
 g_object_ref (dev));
 }
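Review bot: The inline comment `/* still change zone */` in firewall_started does not say why the add path is no longer used. Something like `FALSE, /* changeZone(): addInterface() fails with ZONE_CONFLICT if already in a zone */` would carry the reason from the commit message into the code. Both call sites visible in this patch now pass `FALSE`, so if no other caller passes `TRUE`, the boolean parameter of nm_firewall_manager_add_or_change_zone is dead and could be dropped in a follow-up. The body of firewall_started starts outside the hunk.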