test: Disable firewalld StrictForwardPorts on RHEL 10

RHEL 10 started to break `podman -p` port forwarding to localhost by default [1]. This was a deliberate change [2][3]. We really don't care about firewalling localhost ports from containers (does anybody really?), so revert back to the previous behaviour (which is still the default on Fedora) of having StrictForwardPorts=no. This obsoletes our naughty cockpit-project/bots#7291 [1] https://issues.redhat.com/browse/RHEL-72937 [2] https://firewalld.org/2024/11/strict-forward-ports [3] firewalld/firewalld#1380
martinpitt · Jan 7, 2025 · 90a66b4 · 90a66b4
1 parent e044723
commit 90a66b4
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/test/vm.install b/test/vm.install
@@ -23,6 +23,12 @@ Delegate=cpu cpuset io memory pids
 EOF
 fi
 
+if grep -q platform:el10 /usr/lib/os-release; then
+    # HACK: unbreak container port forwarding to localhost
+    # https://firewalld.org/2024/11/strict-forward-ports and https://github.com/firewalld/firewalld/issues/1380
+    sed -i 's/StrictForwardPorts=yes/StrictForwardPorts=no/' /etc/firewalld/firewalld.conf
+fi
+
 # don't force https:// (self-signed cert)
 mkdir -p /etc/cockpit
 printf "[WebService]\\nAllowUnencrypted=true\\n" > /etc/cockpit/cockpit.conf