Bug#1068678: nftables: on sysvinit the init script does not start nftables at boot

Mon, 08 Apr 2024 17:39:14 -0700 

Package: nftables
Version: 1.0.6-2+deb12u2
Severity: normal

Dear Maintainer,
the installation of nftables completed via apt from the stable repository leads to the creation of the following init script on a system with sysvinit without Systemd: 

  /etc/init.d/nftables

whose LSB section is:

  ### BEGIN INIT INFO
  # Provides:          nftables
  # Required-Start:    $local_fs $network
  # Required-Stop:     $local_fs $network
  # Should-Start:
  # Default-Start:     S
  # Default-Stop:      0 1 6
  # Short-Description: Loads nftables firewall rules
  # Description: Loads nftables firewall rules
  ### END INIT INFO
The "Default-Start" tag is set to "S", which is problematic as it causes the script to never run at boot. If "S" is replaced by "1 2 3" the script instead runs at boot as intended. This seems to be a general problem with all init scripts under Debian whose "Default-Start" tag is set to "S". For example, I created the test file 

  /etc/init.d/test.sh

with the following content:

  #!/bin/bash

  ### BEGIN INIT INFO
  # Provides:          test
  # Required-Start:
  # Required-Stop:
  # Should-Start:
  # Default-Start:     S
  # Default-Stop:      0 1 6
  # Short-Description: Test
  # Description: Test
  ### END INIT INFO

  echo $(date) "$@" >>/root/test.txt

and I enable it with:

  update-rc.d test.sh defaults

which results in these, and only these, rc symlinks being created:

  rc0.d/K01test.sh
  rc1.d/K01test.sh
  rc6.d/K01test.sh
  rcS.d/S01test.sh
After rebooting the system from an empty '/root/test.txt' file, the contents of this file become: 

  Tue Apr 9 01:26:50 CEST 2024 stop
in which only one line is logged, corresponding to the time when I issued the reboot command, with no follow-up lines after the reboot. My sysvinit configuration is unremarkably default and I encountered this problem on every Debian system under sysvinit. 

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE not set 
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  libc6         2.36-9+deb12u3
ii  libedit2      3.1-20221030-2
ii  libnftables1  1.0.6-2+deb12u2

Versions of packages nftables recommends:
ii  netbase  6.4

Versions of packages nftables suggests:
pn  firewalld  <none>

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information

Reply via email to