agama-web-server: keep working even if IPv6 is not available#3111
Closed
agama-web-server: keep working even if IPv6 is not available#3111
Conversation
imobachgs
reviewed
Feb 2, 2026
Contributor
imobachgs
left a comment
imobachgs
left a comment
There was a problem hiding this comment.
Thanks! I was wondering whether we should keep --address2 given that you can already specify multiple addresses. Or perhaps we could just allow multiple --address arguments.
Contributor
|
The fix is included in #3269, closing... |
lslezak
added a commit
that referenced
this pull request
Mar 12, 2026
## Problem - https://jira.suse.com/browse/AGM-153 - For security reasons it should be possible to disable remote access to the Agama web server. A server which is not reachable cannot be hacked. :smiley: ## Solution - Add a new `inst.listen_on` boot option, the possible values: - `inst.listen_on=all` - listen on all network interfaces (allow local and remote access). This is the default behavior used even without the `inst.listen_on` option, added just for completeness. - `inst.listen_on=localhost` - listen only on loop back (localhost) device. This disables remote access, Agama can be accessed only locally. - `inst.listen_on=<ip>` - listen on the specified IP address. Both IPv4 and IPv6 addresses are supported. It is possible to use multiple IP addresses separated by comma. Addresses not found in the system are ignored. - `inst.listen_on=<interface>` - listen on the specified network interface. Multiple interfaces can be separated by comma. Not found interfaces are ignored. Agama always listens on the local loop back interface even when specifying a specific network interface or IP address for listening. The reason is to avoid reporting connection errors by the Firefox started in the Live ISO. ## Details - The `--address2` CLI option has been removed, instead it is possible to specify `--address` option multiple times. - The PR includes the @mvidner's patch #3111 - fallback to an IPv4 address when listening to IPv6 address fails (when IPv6 is disabled with the `ipv6.disable=1` boot option) - Added the `agama-web-server.sh` wrapper script started from the systemd service. It evaluates the boot parameters and builds the address parameters for the Agama server. ## Notes - The other network services like SSH can be disabled using the standard `systemd.mask` boot option. For example to disable the SSH service use this boot option: `systemd.mask=sshd.service`. (I'll document this as well...) ## Testing - Tested manually in all scenarios: with disabled remote access, listening on the specified IPv6 (including link local address) or IPv4 address, listening on specified interface, listening on multiple interfaces - Tested Martin's patch with the `ipv6.disable=1` boot option, Agama properly listens on the IPv4 addresses in that case. --------- Co-authored-by: Martin Vidner <mvidner@suse.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The Agama installer does not start if IPv6 is disabled on the kernel command line with 'ipv6.disable=1'.
Solution
If
:::$PORTdoes not work, try on0.0.0.0:$PORTIt works but the code is hacky.
Testing
Tested manually in a VM booted with
ipv6.disable=1Screenshots
If the fix affects the UI attach some screenshots here.
Documentation
Remember to look at it from the user's perspective. Yes you have made the compiler happy.
But will the humans even know about your contribution? Sometimes they cannot miss it,
other times they need advertisement and explanation.
Look for relevant sections and adjust:
*.changesfiles. For ALL affected packages.change the
///comments (rust doc)and update the .md with
cargo xtask markdowngit ls-files '*.md'