On Fri, 2005-01-07 at 07:26 -0400, David Niemi wrote:
(Sorry for the length, I included all error messages)
With the version of Firestarter from FC4 Extras myself and other users
are experiencing startup error messages with SE Linux though
firestarter appears to start.
There are messages during bootup that permission is denied to:
touch - touch /var/lock/firestarter
remove - rm /var/lock/firestarter
and that there is a "fatal error, your kernel does not support
iptables". At the end of this message are the errors from messages and I
couldn't locate any corresponding entries in audit. There could be
audit entries but I couldn't tell from my VERY LIMITED SE Linux and
audit knowledge.
The latest policies update does not appear to have made a difference.
The quick fix of course is to set enforcing=0 or use SELINUX=disabled
in /etc/selinux/config, but this sort of defeats the purpose. As a test
I set enforcing=0 during a reboot and didn't get the boot errors though
there were still many messages (appended) about permission denied
in /var/log/messages.
Looks like this is not an SE Linux error. Sorry guys.
On Fri, 2005-01-07 at 14:33 -0400, Mark Bidewell wrote:
I tracked the problem with firestarter down to
/etc/dhclient-exit-hooks
which contains the line "sh /etc/firestarter/firestarter.sh start" which
starts firestarter independent of the firestarter init script. Removing
this line solves the selinux errors and the firewall policy still seems
to be in effect. I am theorizing that the line above is executed when
the dhclient daemon attempts to shut down as well as start thus
attempting to start the firewall while closing the interface. I think
this is what selinux is flagging. I haven't checked to see if there is
a reason for that command yet.