Firestarter startup and FC4 SE Linux Errors - LONG
David Niemi
drn_temp2 at rogers.com
Fri Jul 1 19:43:24 UTC 2005
On Fri, 2005-01-07 at 07:26 -0400, David Niemi wrote:
> (Sorry for the length, I included all error messages)
>
> With the version of Firestarter from FC4 Extras myself and other users
> are experiencing startup error messages with SE Linux though
> firestarter appears to start.
>
> There are messages during bootup that permission is denied to:
>
> touch - touch /var/lock/firestarter
> remove - rm /var/lock/firestarter
>
> and that there is a "fatal error, your kernel does not support
> iptables". At the end of this message are the errors from messages and I
> couldn't locate any corresponding entries in audit. There could be
> audit entries but I couldn't tell from my VERY LIMITED SE Linux and
> audit knowledge.
>
> The latest policies update does not appear to have made a difference.
>
> The quick fix of course is to set enforcing=0 or use SELINUX=disabled
> in /etc/selinux/config, but this sort of defeats the purpose. As a test
> I set enforcing=0 during a reboot and didn't get the boot errors though
> there were still many messages (appended) about permission denied
> in /var/log/messages.
>
Looks like this is not an SE Linux error. Sorry guys.

On Fri, 2005-01-07 at 14:33 -0400, Mark Bidewell wrote:
> I tracked the problem with firestarter down to /etc/dhclient-exit-hooks
> which contains the line "sh /etc/firestarter/firestarter.sh start" which
> starts firestarter independent of the firestarter init script. Removing
> this line solves the selinux errors and the firewall policy still seems
> to be in effect. I am theorizing that the line above is executed when
> the dhclient daemon attempts to shut down as well as start, thus
> attempting to start the firewall while closing the interface. I think
> this is what selinux is flagging. I haven't checked to see if there is
> a reason for that command yet.