--- On Mon, 11/24/08, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
From: Daniel J Walsh <dwalsh(a)redhat.com>
Subject: Re: selinux denies iptables
To: olivares14031(a)yahoo.com
Cc: fedora-selinux-list(a)redhat.com
Date: Monday, November 24, 2008, 5:27 AM
Antonio Olivares wrote:
> Dear all,
>
> I am still having trouble setting up the dhcp server because selinux denies iptables
>
> type=1400 audit(1227530280.458:4): avc: denied { write } for pid=1430 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>
> Thanks in Advance,
>
> Antonio
I would doubt this is actually blocking anything, but you can easily customize policy by executing.
# grep iptables /var/log/audit/audit.log | audit2allow -M myiptables
# semodule -i myiptables.pp
I have added the above rules to the next update of F9/F10 policy.
[olivares@localhost ~]$ su -
Password:
[root@localhost ~]# grep iptables /var/log/audit/audit.log | audit2allow -M myiptables
compilation failed:
myiptables.te:6:ERROR 'syntax error' at token '' on line 6:
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/bin/checkmodule: loading policy configuration from myiptables.te
[root@localhost ~]#
What do I do now?
Thanks,
Antonio