--- On Thu, 12/4/08, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
> From: Daniel J Walsh <dwalsh(a)redhat.com>
> Subject: Re: selinux is denying iptables still :(
> To: olivares14031(a)yahoo.com
> Cc: fedora-selinux-list(a)redhat.com
> Date: Thursday, December 4, 2008, 5:53 AM
Antonio Olivares wrote:
>>> Dear fellow selinux experts,
>>>
>>> selinux is still denying iptables :(
>>>
>>> type=1400 audit(1228351277.178:4): avc: denied { write } for pid=1351 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>>>
>>> It also interferes with the booting of newer kernel with many messages of denying stuff with Permission denied.
>>>
>>> I'm just reporting this, I have this machine running rawhide and it was also to serve as a mini-dhcp server to get internet to the machines in the classroom. I got help from fedora-list to get the correct file and all, but selinux is denying this, and I have to keep trying to get it right, and for other people it just works.
>>>
>>> Thanks,
>>>
>>> Antonio
What policy are you seeing this with?
> [olivares@localhost ~]$ rpm -qa selinux-policy*
> selinux-policy-3.6.1-1.fc11.noarch
> selinux-policy-targeted-3.5.13-26.fc10.noarch
> selinux-policy-targeted-3.6.1-1.fc11.noarch
In F10 policy selinux-policy-3.5.13-26.fc10.noarch I get

# audit2allow -w -i /tmp/t
type=1400 audit(1228351277.178:4): avc: denied { write } for pid=1351 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
	Was caused by:
		Unknown - would be allowed by active policy
		Possible mismatch between this policy and the one under which the audit message was generated.
		Possible mismatch between current in-memory boolean settings vs. permanent ones.
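Added example, not part of the original messages and not audit2allow's own code: a small Python parser for the AVC record quoted in this thread, which re-joins the mail-wrapped lines, decodes the audit timestamp, and renders the type-enforcement rule the denial corresponds to. The function names are assumptions chosen for illustration; the rule is printed to help read the denial, since the `audit2allow -w` output above reports that the F10 policy already allows this access.

```python
import re
from datetime import datetime, timezone

# The denial from this thread, hard-wrapped the way the mail client left it.
WRAPPED_AVC = """type=1400 audit(1228351277.178:4): avc: denied {
write } for pid=1351 comm="ip6tables-resto"
path="/0" dev=devpts ino=2
scontext=system_u:system_r:iptables_t:s0
tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file"""

HEADER = re.compile(r"audit\((\d+)\.(\d+):(\d+)\):\s*avc:\s*(denied|granted)\s*\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Parse one AVC record, tolerating line wraps, into a dict."""
    flat = " ".join(text.split())  # undo the mail wrapping
    m = HEADER.search(flat)
    if m is None:
        raise ValueError("not an AVC record")
    secs, _msec, serial, verdict, perms = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(flat[m.end():])}
    for required in ("scontext", "tcontext", "tclass"):
        if required not in fields:
            raise ValueError(f"missing {required}")
    return {
        "time": datetime.fromtimestamp(int(secs), tz=timezone.utc),
        "serial": int(serial),
        "verdict": verdict,
        "perms": perms.split(),
        **fields,
    }


def context_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return parts[2]


def allow_rule(rec):
    """Render the type-enforcement rule that would cover this denial."""
    perms = rec["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return (f"allow {context_type(rec['scontext'])} "
            f"{context_type(rec['tcontext'])}:{rec['tclass']} {perm_text};")
```

Comparing the decoded `time` with when the policy packages were last updated is one way to check the "possible mismatch" that `audit2allow -w` reports.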