firewalld this doesn't seem right....

Daniel J Walsh dwalsh at redhat.com
Tue Oct 2 18:53:26 UTC 2012



On 10/01/2012 07:34 PM, Ed Greshko wrote:
> On 10/01/2012 10:04 PM, Stephen John Smoogen wrote:
>> On 30 September 2012 23:09, Ed Greshko <Ed.Greshko at greshko.com> wrote:
>>> I just started playing around with firewalld and I found something that
>>> doesn't seem right to me.
>>> 
>>> If any user starts firewall-applet and then selects "Block all network
>>> traffic" it will do as asked without any prompt for root's password or
>>> any other authentication.
>>> 
>>> This seems crazy to me.
>> Does the opposite work? Can the person turn off the firewall?
>> 
> 
> I imagine that the on/off setting is what is labeled "Shields UP".  Not
> sure of their jargon.  But, here is the "strange" thing.
> 
> When the applet is started the "Shields UP" is unchecked.  But, for sure
> the firewall is running.
> 
> If you check the box, you get an authentication dialog.  If you hit
> "cancel" I would expect the box to remain unchecked.  However, it switches
> to being checked....even though nothing is done.
> 
> Checking the box and providing the root password results in an error message
> (iptables: Invalid argument) in the terminal where the applet was started
> as well as an SELinux AVC denial.
> 
> Uggh...
> 
What is the SELinux denial?


More information about the test mailing list