fw_transaction: On clear zone transaction, must clear fw and other zones

Just like FirewallZoneTransaction.execute() that was spawned from a FirewallTransaction must call FirewallTransaction.exectue() we should also make sure the same is done for clear(). Otherwise we can end up with a partially cleared transaction. This gets really hairy if the FirewallTransaction contains many instances of FirewallZoneTransaction which is common during startup with non-default configuration. Fixes: #374 (cherry picked from commit 2e53fab)
firewalld · Sep 21, 2018 · edfe939 · edfe939
1 parent 5494006
commit edfe939
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/src/firewall/core/fw_transaction.py b/src/firewall/core/fw_transaction.py
@@ -231,9 +231,19 @@ def __init__(self, fw, zone, fw_transaction=None):
         self.modules = [ ] # [ module,.. ]
 
     def clear(self):
-        super(FirewallZoneTransaction, self).clear()
-        del self.chains[:]
-        del self.modules[:]
+        # calling clear on a zone_transaction that was spawned from a
+        # FirewallTransaction needs to clear the fw_transaction and all the
+        # other zones otherwise we end up with a partially cleared transaction.
+        if self.fw_transaction:
+            super(FirewallTransaction, self.fw_transaction).clear()
+            for zone in self.fw_transaction.zone_transactions.keys():
+                super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear()
+                del self.fw_transaction.zone_transactions[zone].chains[:]
+                del self.fw_transaction.zone_transactions[zone].modules[:]
+        else:
+            super(FirewallZoneTransaction, self).clear()
+            del self.chains[:]
+            del self.modules[:]
 
     def prepare(self, enable, rules=None, modules=None):
         log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "..."))