Propose to reload the service if running by default (bsc#1114673)

package/yast2-firewall.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Jan 17 12:53:20 UTC 2019 - knut.anderssen@suse.com
+
+- Propose to reload the firewalld service after writing instead of
+  restarting it as in other case it will unload kernel modules and
+  terminate existing connections (bsc#1114673, bsc#1121277)
+- 4.1.9
+
 -------------------------------------------------------------------
 Wed Jan 16 12:02:14 UTC 2019 - jreidinger@suse.com
 

package/yast2-firewall.spec

@@ -17,7 +17,7 @@
 
 
 Name:           yast2-firewall
-Version:        4.1.8
+Version:        4.1.9
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

src/lib/y2firewall/dialogs/main.rb

@@ -42,6 +42,10 @@ def initialize
           Yast::NetworkInterfaces.Read
           fw.read unless fw.read?
         end
+        # For applying the changes to the running configuration a reload or
+        # restart need to be applied.
+        # Proposed a service reload by default (bsc#1114673, bsc#1121277)
+        fw.system_service.reload if fw.system_service && fw.system_service.running?
       end
 
       def should_open_dialog?
@@ -69,7 +73,6 @@ def run
 
         loop do
           result = super
-          swap_api if result == :swap_mode
           break unless continue_running?(result)
         end
 
@@ -110,7 +113,7 @@ def back_handler
       #
       # @return [Boolean] true in case of a dialog redraw or an api change
       def continue_running?(result)
-        result == :redraw || result == :swap_mode
+        result == :redraw
       end
 
       # Convenience method which return an instance of Y2Firewall::Firewalld
@@ -120,27 +123,10 @@ def fw
         Y2Firewall::Firewalld.instance
       end
 
-      # Modify the firewalld API instance in case the systemd service state has
-      # changed.
-      def swap_api
-        fw.api = Y2Firewall::Firewalld::Api.new
-      end
-
       # Writes down the firewall configuration and the systemd service
       # modifications
       def apply_changes
         return false if Yast::Mode.config
-        # Firewall settings will be written into the permanent configurations only.
-        # So the running firewalld service will not be changed. Even a reload does
-        # not help (see man pages). So the running firewalld service has to be
-        # restarted.
-        # Set a flag only. Restarting will be done by system_service.save.
-        if fw.modified? && # Data has been changed by user
-            fw.system_service.running? &&      # The service is already running
-            fw.system_service.action != :stop  # and will not be stopped by the user
-          fw.system_service.restart
-        end
-
         fw.write_only
         fw.system_service.save
       end

test/lib/y2firewall/dialogs/main_test.rb

@@ -61,7 +61,8 @@
         save:     true,
         running?: true,
         restart:  nil,
-        action:   action)
+        action:   action,
+        reload:   nil)
     end
 
     before do
@@ -70,6 +71,12 @@
       allow(firewall).to receive(:modified?).and_return(true)
     end
 
+    it "proposes to reload the service by default if it is running" do
+      expect(firewall_service).to receive(:reload)
+
+      subject.run
+    end
+
     context "when the user accepts the changes" do
       it "writes the firewall configuration" do
         expect(firewall).to receive(:write_only)
@@ -83,16 +90,6 @@
         subject.run
       end
 
-      context "user has not changed the service running state" do
-        let(:action) { nil }
-
-        it "restart the running firewalld systemd service" do
-          expect(firewall.system_service).to receive(:restart)
-
-          subject.run
-        end
-      end
-
       context "service has been stopped by the user" do
         let(:action) { :stop }