From 43157dd8102caca65113c3bb3c02235893621fda Mon Sep 17 00:00:00 2001
From: Raphael Dannecker
Date: Tue, 18 Mar 2025 12:45:46 +0100
Subject: [PATCH] Restart libvirtd after firewalld.service restart Starting libvirtd.service provides iptable rules for NATed network virbr0. When starting firewalld.service after libvirtd, these rules will be overwritten. So NAT will no longer work. Restart of libvirtd fixes the rules again.
---
 roles/lmn_fvs/files/pam-exec.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/roles/lmn_fvs/files/pam-exec.sh b/roles/lmn_fvs/files/pam-exec.sh
index 967701d..4f54861 100644
--- a/roles/lmn_fvs/files/pam-exec.sh
+++ b/roles/lmn_fvs/files/pam-exec.sh
@@ -5,6 +5,12 @@
 if [[ "${PAM_USER}" =~ -exam$ ]]; then
 systemctl start firewalld.service
+ if systemctl is-enabled --quiet libvirtd.service; then
+ systemctl restart libvirtd.service
+ fi
 elif ! (users | grep -q -- "-exam"); then
- systemctl stop firewalld.service
+ systemctl stop firewalld.service
+ if systemctl is-enabled --quiet libvirtd.service; then
+ systemctl restart libvirtd.service
+ fi
 fi
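Review bot: `systemctl is-enabled --quiet libvirtd.service` in both added blocks tests boot-time enablement rather than whether the daemon is running, so the restart starts a stopped libvirtd that is merely enabled and skips one that is running without being enabled (started by hand or, presumably, through socket activation). `systemctl try-restart libvirtd.service` restarts the unit only when it is active and would replace each three-line `if` block. In the `-exam` branch it is also worth confirming that the rules libvirt re-adds for virbr0 after firewalld starts do not give guests a NAT path around the exam-mode firewall policy; a short comment stating that this is intended would help. The first four lines of the script are outside the hunk, so whether a failed restart changes the status returned to PAM cannot be judged from here.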