runtime-to-permanent does not work as expected when all elements of a list have been removed

[matthias-prangl]

What happened

If all elements of a list (like serivces or sources) from a zone are removed at runtime and the changes are to be commited by runtime-to-permanent the entire list is restored to the old permanent state.

What you expected to happen

I expect no checked services on a zone if every service has been removed.

How to reproduce it (as minimally and precisely as possible)

• remove all sources of a zone
• do runtime-to-permanent
• reload firewalld

firewall-cmd --permanent --new-zone=testzone
firewall-cmd --permanent --zone=testzone --add-source=1.1.1.1
firewall-cmd --reload
firewall-cmd --zone testzone --remove-source=1.1.1.1
firewall-cmd --runtime-to-permanent
firewall-cmd --reload
firewall-cmd --zone testzone --list-sources

I would expect the snippet above to create a new zone "testzone" with no assigned source after all commands have been executed.

Anything else we need to know?

No response

Firewalld Version

1.3.4

Firewalld Backend

nftables

Linux distribution

NAME="Fedora Linux" VERSION="38 (Workstation Edition)" ID=fedora VERSION_ID=38 VERSION_CODENAME="" PLATFORM_ID="platform:f38" PRETTY_NAME="Fedora Linux 38 (Workstation Edition)" ANSI_COLOR="0;38;2;60;110;180" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:38" DEFAULT_HOSTNAME="fedora" HOME_URL="https://fedoraproject.org/" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f38/system-administrators-guide/" SUPPORT_URL="https://ask.fedoraproject.org/" BUG_REPORT_URL="https://bugzilla.redhat.com/" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=38 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=38 SUPPORT_END=2024-05-14 VARIANT="Workstation Edition" VARIANT_ID=workstation

Linux kernel version

6.5.10-200.fc38.x86_64

Other information

Affects 2.0.0 as well