Page MenuHomePhabricator

fix fail closed mechanism
Open, NormalPublic

Description

i.e. do not start networking if whonix-firewall.service fails to load.

Currently disabled since it breaks networking on whonix-firewall package upgrades.

Details

Impact
Normal

Event Timeline

Patrick created this task.Nov 17 2018, 6:12 AM
Patrick triaged this task as Normal priority.

Maybe disable it just for package upgrades?

You could edit whonix-firewall to disable the fail closed mechanism if an apt upgrade is running then after, it could re-enable it.

You'd probably want something like:

disable_fail_closed {
  ## Check if apt is being used to update.
  if ps aux | grep "apt \-\-upgrade"; then

    ## Disables fail closed mechanism.
    sed -i 's/After=whonix-firewall.service/#After=whonix-firewall.service/' /lib/systemd/system/networking.service.d/30_whonix-gw-firewall-fail-closed.conf
    sed -i 's/Requires=whonix-firewall.service/#After=whonix-firewall.service/' /lib/systemd/system/networking.service.d/30_whonix-gw-firewall-fail-closed.conf
  fi

  ## Checks if apt is not being used to update.
  if ! ps aux | grep "apt \-\-upgrade"; then

    ## Enables fail closed mechanism.
    sed -i 's/#After=whonix-firewall.service/After=whonix-firewall.service/' /lib/systemd/system/networking.service.d/30_whonix-gw-firewall-fail-closed.conf
    sed -i 's/#Requires=whonix-firewall.service/After=whonix-firewall.service/' /lib/systemd/system/networking.service.d/30_whonix-gw-firewall-fail-closed.conf
  fi
}

Detection of other ways of updating like --dist-upgrade will obviously need to be added.

Seems quite hacky. What's the root cause for failing?

Seems quite hacky. What's the root cause for failing?

Probably, when the package is getting updated, it disables the firewall for a minute so it can apply the updates and the fail closed mechanism kicks in.

I can't think of any other way to fix this.

Seems quite hacky. What's the root cause for failing?

Probably, when the package is getting updated, it disables the firewall for a minute so it can apply the updates and the fail closed mechanism kicks in.

I don't think anything Debian does would modify any iptables rules nor Whonix ships any code to disable the firewall. So "disables the firewall for a minute" is non-existing. Would be bad if that happened.