#!@PYTHON@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2010-2016 Red Hat, Inc.
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# python fork magic derived from setroubleshoot
# Copyright (C) 2006,2007,2008,2009 Red Hat, Inc.
# Authors:
#   John Dennis <jdennis@redhat.com>
#   Dan Walsh <dwalsh@redhat.com>
import os
import sys
import dbus
import traceback
import argparse
from firewall import config
from firewall.functions import firewalld_is_active
from firewall.core.logger import log, FileLog
def parse_cmdline():
    """Build the firewalld command-line parser and parse ``sys.argv``.

    Returns the namespace produced by ``parse_args()``.  The three path
    options (``--system-config``, ``--default-config`` and ``--log-file``)
    are returned exactly as typed: nothing in this function checks that
    the paths exist or who owns them, so the code consuming them trusts
    the invoking user's input.
    """
    cli = argparse.ArgumentParser()

    # A bare --debug selects level 1 (const); leaving it out gives 0
    # (default).  An explicit value is converted with int() and has to be
    # one of 1..log.DEBUG_MAX.
    cli.add_argument('--debug',
                     metavar="level",
                     type=int, nargs='?', const=1, default=0,
                     choices=range(1, log.DEBUG_MAX+1),
                     help="""Enable logging of debug messages.
                                Additional argument in range 1..%s can be used
                                to specify log level.""" % log.DEBUG_MAX)

    # Boolean switches, registered in the order they appear in --help.
    switches = (
        ('--debug-gc', """Turn on garbage collector leak information.
                        The collector runs every 10 seconds and if there are
                        leaks, it prints information about the leaks."""),
        ('--nofork', """Turn off daemon forking,
                                run as a foreground process."""),
        ('--nopid', """Disable writing pid file and don't check
                                for existing server process."""),
    )
    for flag, text in switches:
        cli.add_argument(flag, action="store_true", help=text)

    # Options that take a filesystem path; the value is stored unmodified.
    path_options = (
        ('--system-config', """Path to firewalld system configuration"""),
        ('--default-config', """Path to firewalld default configuration"""),
        ('--log-file', """Path to firewalld log file"""),
    )
    for flag, text in path_options:
        cli.add_argument(flag, metavar="path", help=text)

    return cli.parse_args()
def setup_logging(args):
    """Configure the global ``log`` object from the parsed options.

    FATAL, ERROR and WARNING messages are always routed to syslog.  A file
    target for ``config.FIREWALLD_LOGFILE`` is then opened in append mode;
    when that works it is registered for the same three severities and for
    debug output, and with ``--debug`` for every info message as well.
    With ``--debug`` and ``--nofork`` together, info and debug output is
    also sent to stdout.

    A log file that cannot be opened is reported through ``log.error`` and
    is not fatal: the function returns without a file target, leaving only
    the targets registered before that point.
    """
    debug_level = args.debug

    # Message layout and the always-on syslog target
    log.setDateFormat("%Y-%m-%d %H:%M:%S")
    log.setFormat("%(date)s %(label)s%(message)s")
    log.setInfoLogging("*", log.syslog, [ log.FATAL, log.ERROR, log.WARNING ],
                       fmt="%(label)s%(message)s")
    # NOTE(review): setDebugLogLevel is called twice in a row, first with
    # NO_INFO and then with NO_DEBUG, so the first value is presumably
    # overwritten.  The first call looks like it was meant to be
    # setInfoLogLevel(log.NO_INFO) -- confirm against firewall.core.logger.
    log.setDebugLogLevel(log.NO_INFO)
    log.setDebugLogLevel(log.NO_DEBUG)

    if debug_level:
        log.setInfoLogLevel(log.INFO_MAX)
        log.setDebugLogLevel(debug_level)
        if args.nofork:
            # Foreground debugging: mirror everything to the terminal
            log.addInfoLogging("*", log.stdout)
            log.addDebugLogging("*", log.stdout)

    file_target = FileLog(config.FIREWALLD_LOGFILE, "a")
    try:
        file_target.open()
    except IOError as e:
        # Keep running without a file target rather than refusing to start
        log.error("Failed to open log file '%s': %s", config.FIREWALLD_LOGFILE,
                  str(e))
        return

    log.addInfoLogging("*", file_target, [ log.FATAL, log.ERROR, log.WARNING ])
    log.addDebugLogging("*", file_target)
    if debug_level:
        log.addInfoLogging("*", file_target)
        log.addDebugLogging("*", file_target)
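def _remove_pidfile(args):
    """Delete the PID file, unless --nopid was given or no file exists."""
    if not args.nopid and os.path.exists(config.FIREWALLD_PIDFILE):
        os.remove(config.FIREWALLD_PIDFILE)


def _abort_startup(args, message):
    """Log *message* as fatal with the active traceback, clean up, exit 1."""
    log.fatal(message)
    log.error(traceback.format_exc())
    _remove_pidfile(args)
    sys.exit(1)


def _daemonize(args):
    """Fork once and detach the child from the launching environment.

    The parent exits with status 0.  In the child the working directory
    becomes "/", a new session is started, the umask is tightened and
    stdin/stdout/stderr are pointed at the null device.
    """
    # Only one fork is performed here, although the scheme this is derived
    # from (Stevens, "Advanced Programming in the UNIX Environment",
    # ISBN 0201563177) is usually described as a double fork.
    # NOTE(review): after setsid() the child is a session leader; a second
    # fork is the usual way to make sure it can never acquire a controlling
    # terminal -- decide whether that is wanted here.
    try:
        pid = os.fork()
    except OSError as e:
        # Only a failed fork is reported as a fork failure; every other
        # OSError is handled by the caller with its own message.
        _abort_startup(args, "Fork #1 failed: %d (%s)" % (e.errno, e.strerror))
    if pid > 0:
        # exit first parent
        sys.exit(0)

    # decouple from parent environment
    os.chdir("/")
    os.setsid()
    # The inner call reads the inherited umask (setting 077 meanwhile); the
    # outer call restores it with 022 OR-ed in, so files created from here
    # on are never group- or world-writable.
    os.umask(os.umask(0o077) | 0o022)

    # Do not close the file descriptors here anymore
    # File descriptors are now closed in runProg before execve

    # Redirect the standard I/O file descriptors to /dev/null
    null_path = getattr(os, "devnull", "/dev/null")
    fd = os.open(null_path, os.O_RDWR)
    os.dup2(fd, 0)  # standard input (0)
    os.dup2(fd, 1)  # standard output (1)
    os.dup2(fd, 2)  # standard error (2)
    # The duplicates keep the null device open; release the extra
    # descriptor unless it is itself one of the three standard ones.
    if fd > 2:
        os.close(fd)


def startup(args):
    """Daemonize (unless --nofork), write the PID file and run the server.

    Steps, in order: optional fork and detach, PID file creation (unless
    --nopid), creation of ``config.FIREWALLD_TEMPDIR`` if missing,
    application of the --system-config / --default-config overrides, and
    the blocking call to ``server.run_server``.  The PID file is removed
    when the server returns.

    An OSError, IOError or D-Bus exception raised by any of these steps is
    logged as fatal together with its traceback, the PID file is removed
    and the process exits with status 1.  A failed fork is logged as
    "Fork #1 failed"; other errors are logged with their own text, so that
    a PID-file or temp-directory failure is not misreported as a fork
    failure.
    """
    try:
        if not args.nofork:
            _daemonize(args)

        if not args.nopid:
            # write the pid file
            # NOTE(review): open() follows symlinks and truncates the
            # target; that is only safe if the directory holding
            # config.FIREWALLD_PIDFILE is writable by root alone -- confirm.
            with open(config.FIREWALLD_PIDFILE, "w") as f:
                f.write(str(os.getpid()))

        # NOTE(review): a path that already exists is accepted as it is (no
        # check of type, owner or mode), and the exists()/mkdir() pair is
        # not atomic -- confirm the parent directory is root-only.
        if not os.path.exists(config.FIREWALLD_TEMPDIR):
            os.mkdir(config.FIREWALLD_TEMPDIR, 0o750)

        if args.system_config:
            config.set_system_config_paths(args.system_config)

        if args.default_config:
            config.set_default_config_paths(args.default_config)

        # Start the server mainloop here
        from firewall.server import server
        server.run_server(args.debug_gc)

        # Clean up on exit
        _remove_pidfile(args)

    except (OSError, IOError, dbus.exceptions.DBusException) as e:
        _abort_startup(args, str(e))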
def main():
    """Entry point: check privileges, parse options and start firewalld.

    Exits with status -1 when not started by root, 1 when another instance
    is already active (only checked without --nopid), and 0 after
    ``startup()`` returns.
    """
    # firewalld should only be run as the root user.  The check is on the
    # real UID and happens before any command-line option is looked at.
    if os.getuid() != 0:
        print("You need to be root to run %s." % sys.argv[0])
        sys.exit(-1)

    options = parse_cmdline()

    # Apply --log-file first so that setup_logging() opens the chosen path
    custom_log = options.log_file
    if custom_log:
        config.FIREWALLD_LOGFILE = custom_log

    setup_logging(options)

    # Don't attempt to run two copies of firewalld simultaneously; with
    # --nopid the check is skipped altogether.
    if not options.nopid:
        if firewalld_is_active():
            log.fatal("Not starting FirewallD, already running.")
            sys.exit(1)

    startup(options)
    sys.exit(0)
# Start the daemon only when this file is executed as a script.
if __name__ == "__main__":
    main()