[BUG] firewalld states fail with openSUSE MicroOS

[SchoolGuy]

Description

On openSUSE MicroOS (and I guess other transactional systems) the firewalld states fail because firewall-cmd cannot connect to the dbus inside the transaction. This also may happen to other Salt modules that are utilizing the dbus inside a transaction but I didn't explicitly test this.

Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)

firewalld-k8s-public:
  firewalld.present:
    - name: public
    - ports:
      - 6443/tcp

Please be as specific as possible and give set-up details.

• on-prem machine
• VM (Virtualbox, KVM, etc. please specify)
• VM running on a cloud service, please be explicit and add details
• container (Kubernetes, Docker, containerd, etc. please specify)
• or a combination, please be explicit
• jails if it is FreeBSD
• classic packaging
• onedir packaging
• used bootstrap to install

Steps to Reproduce the behavior

1. Use the state given at the start of the bug description.
2. Apply it on openSUSE MicroOS
3. See error returned by the minion executing the state.

----------
          ID: firewalld-k8s-public
    Function: firewalld.present
        Name: public
      Result: False
     Comment: Error: firewall-cmd failed: Error: DBUS_ERROR: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
     Started: 21:09:25.598104
    Duration: 266.88 ms
     Changes:   

Expected behavior

Salt should be able to configure firewalld without issues on transactional systems.

Screenshots
If applicable, add screenshots to help explain your problem.

Versions Report

salt --versions-report

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)

Salt Version:
          Salt: 3006.0
 
Python Version:
        Python: 3.11.8 (main, Feb 08 2024, 08:03:16) [GCC]
 
Dependency Versions:
          cffi: 1.16.0
      cherrypy: Not Installed
      dateutil: Not Installed
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.3
       libgit2: 1.7.2
  looseversion: 1.3.0
      M2Crypto: 0.40.0
          Mako: Not Installed
       msgpack: 1.0.7
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 23.2
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: Not Installed
        pygit2: 1.14.1
  python-gnupg: Not Installed
        PyYAML: 6.0.1
         PyZMQ: 25.1.2
        relenv: Not Installed
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.5
 
System Versions:
          dist: opensuse-microos 20240307 
        locale: utf-8
       machine: x86_64
       release: 6.7.7-1-default
        system: Linux
       version: openSUSE MicroOS 20240307

Additional context

I am using the RPM built by the openSUSE community with the salt-transactional-update. In the following you are seeing that firewalld is in fact running and active but Salt can't access it:

esprimo-2:~ # firewall-cmd --list-all
public (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp0s31f6
  sources: 
  services: dhcpv6-client ssh
  ports: 6443/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
esprimo-2:~ # transactional-update shell
Checking for newer version.
transactional-update 4.6.0 started
Options: shell
Separate /var detected.
2024-03-09 21:09:41 tukit 4.6.0 started
2024-03-09 21:09:41 Options: -c12 open 
2024-03-09 21:09:42 Using snapshot 12 as base for new snapshot 13.
2024-03-09 21:09:42 /var/lib/overlay/12/etc
2024-03-09 21:09:42 Syncing /etc of previous snapshot 11 as base into new snapshot "/.snapshots/13/snapshot"
2024-03-09 21:09:42 SELinux is enabled.
Relabeled /var/lib/rancher/k3s from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/agent from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/agent/containerd from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/data from system_u:object_r:var_lib_t:s0 to system_u:object_r:k3s_data_t:s0
ID: 13
2024-03-09 21:09:44 Transaction completed.
Opening chroot in snapshot 13, continue with 'exit'
2024-03-09 21:09:44 tukit 4.6.0 started
2024-03-09 21:09:44 Options: call 13 bash 
2024-03-09 21:09:45 Executing `bash`:
transactional update # firewall-cmd --list-all
Error: DBUS_ERROR: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
transactional update # exit
2024-03-09 21:09:57 Application returned with exit status 36.
2024-03-09 21:09:57 tukit 4.6.0 started
2024-03-09 21:09:57 Options: close 13 
2024-03-09 21:09:59 New default snapshot is #13 (/.snapshots/13/snapshot).
2024-03-09 21:09:59 Transaction completed.

Please reboot your machine to activate the changes and avoid data loss.
New default snapshot is #13 (/.snapshots/13/snapshot).
transactional-update finished

[welcome]

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

• Community Wiki
• Salt’s Contributor Guide
• Join our Community Slack
• IRC on LiberaChat
• Salt Project YouTube channel
• Salt Project Twitch channel

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!