From bb0a39dbbc450abcdd4f173dd601422a0a4a4574 Mon Sep 17 00:00:00 2001
From: Alexander Stefanov <alexander@mezon.ru>
Date: Sat, 5 Dec 2020 09:52:59 +0000
Subject: [PATCH] add firewalld rule

---
 docker-zone.xml | 6 ++++++
 docker.spec     | 6 ++++++
 2 files changed, 12 insertions(+)
 create mode 100644 docker-zone.xml

diff --git a/docker-zone.xml b/docker-zone.xml
new file mode 100644
index 0000000..34e123b
--- /dev/null
+++ b/docker-zone.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone target="ACCEPT">
+  <short>docker</short>
+  <description>All network connections are accepted.</description>
+  <interface name="docker0"/>
+</zone>
diff --git a/docker.spec b/docker.spec
index 5f7856f..0b87705 100644
--- a/docker.spec
+++ b/docker.spec
@@ -23,6 +23,7 @@ Source0:	https://github.com/docker/docker-ce/archive/v%{version}.tar.gz?/%{name}
 Source1:	%{name}.service
 Source2:	%{name}.sysconfig
 Source3:	%{name}-storage.sysconfig
+Source5:	docker-zone.xml
 Source6:	%{name}-network.sysconfig
 Source7:	%{name}.socket
 Source8:	%{name}-network-cleanup.sh
@@ -82,6 +83,7 @@ servers, OpenStack clusters, public instances, or combinations of the above.
 %dir %{_localstatedir}/lib/%{name}
 %{_udevrulesdir}/80-%{name}.rules
 %{_sysconfdir}/modules-load.d/overlay.conf
+%{_prefix}/lib/firewalld/zones/docker.xml
 
 %pre
 getent group %{name} > /dev/null || %{_sbindir}/groupadd -r %{name}
@@ -243,6 +245,10 @@ install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/%{name}-storag
 install -d %{buildroot}%{_sbindir}
 install -p -m 755 %{SOURCE8} %{buildroot}%{_sbindir}/%{name}-network-cleanup
 
+# add firewalld zone (cf #1817022)
+install -dp %{buildroot}%{_prefix}/lib/firewalld/zones
+install -p -m 644 %{SOURCE5} %{buildroot}%{_prefix}/lib/firewalld/zones/docker.xml
+
 install -d %{buildroot}%{_presetdir}
 cat > %{buildroot}%{_presetdir}/86-%{name}.preset << EOF
 enable %{name}.socket