type=1400 audit(1226855594.878:4): avc: denied { write } for pid=1429 comm="ip6tables-resto"
In trying to configure the server, iptables returns a selinux denial
ip6_tables: (C) 2000-2006 Netfilter Core Team type=1400 audit(1226855594.878:4): avc: denied { write } for pid=1429 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
setroubleshooter has not kicked in, and it is configured to run:
[root@localhost ~]# chkconfig setroubleshoot --list setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off [root@localhost ~]#
Thanks,
Antonio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
In trying to configure the server, iptables returns a selinux denial
ip6_tables: (C) 2000-2006 Netfilter Core Team type=1400 audit(1226855594.878:4): avc: denied { write } for pid=1429 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
setroubleshooter has not kicked in, and it is configured to run:
[root@localhost ~]# chkconfig setroubleshoot --list setroubleshoot 0:off 1:off 2:off 3:on 4:on 5:on 6:off [root@localhost ~]#
Thanks,
Antonio
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
# /sbin/service setroubleshoot status # ps -eZ | grep seal
type=1400 audit(1226855594.878:4): avc: denied { write } for
pid=1429 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
Probably needs a custom policy to allow it. Not sure if this is really necessary or if this could be dont audited.
selinux@lists.fedoraproject.org
-
Antonio Olivares -
Daniel J Walsh