Firestarter startup and FC4 SE Linux Errors - LONG

David Niemi drn_temp2 at rogers.com
Fri Jul 1 19:43:24 UTC 2005


On Fri, 2005-01-07 at 07:26 -0400, David Niemi wrote:
> (Sorry for the length, I included all error messages)
> 
> With the version of Firestarter from FC4 Extras myself and other users
> are experiencing startup error messages with SE Linux though
> firestarter appears to start.
> 
> There are messages during bootup that permission is denied to:
> 
> touch - touch /var/lock/firestarter
> remove - rm /var/lock/firestarter
> 
> and that there is a "fatal error, your kernel does not support
> iptables".  At the end of this message are the errors from messages and I
> couldn't locate any corresponding entries in audit.  There could be
> audit entries but I couldn't tell from my VERY LIMITED SE Linux and
> audit knowledge.
> 
> The latest policies update does not appear to have made a difference.
> 
> The quick fix of course is to set enforcing=0 or use SELINUX=disabled
> in /etc/selinux/config, but this sort of defeats the purpose.  As a test
> I set enforcing=0 during a reboot and didn't get the boot errors though
> there were still many messages (appended) about permission denied
> in /var/log/messages.
> 
Looks like this is not an SE Linux error.  Sorry guys.

On Fri, 2005-01-07 at 14:33 -0400, Mark Bidewell wrote:
> I tracked the problem with firestarter down to /etc/dhclient-exit-hooks 
> which contains the line "sh /etc/firestarter/firestarter.sh start" which 
> starts firestarter independent of the firestarter init script.  Removing 
> this line solves the selinux errors and the firewall policy still seems 
> to be in effect.  I am theorizing that the line above is executed when 
> the dhclient daemon attempts to shut down as well as start, thus 
> attempting to start the firewall while closing the interface.  I think 
> this is what selinux is flagging.  I haven't checked to see if there is 
> a reason for that command yet.




