SELinux and Shorewall with IPSets
Mr Dash Four
mr.dash.four at googlemail.com
Wed Jun 30 11:10:38 UTC 2010
> So I'm curious as to why this isn't working for you. Did the restorecon
> command in fact change the label of the program to iptables_exec_t? Did
> you get the same AVC message as before?
>
Mystery solved! I've had an inspiration this morning.
At the time I installed ipset at least 2 times (from Fedora Fusion as
well as compiling it from source), so I assumed ipset was installed in
the same location. 'whereis ipset' revealed that I have TWO copies: one
in /sbin and another one (which I have 'used' up until now) in
/usr/sbin. So, for some reason, even though I specified the executable
in /usr/sbin to be executed in my shorewall init (the one with the
'right' SELinux attributes) the executable in /sbin must have been
picked somehow. When I removed the copy in /sbin and then rebooted - all
was well and shorewall ran without any problems. Bizarre!
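
Added example, not part of the original post: a shell check for the situation described above, listing every distinct copy of a command across a search path together with its SELinux label. The function names are hypothetical, and GNU `stat` and `readlink` are assumed.

```shell
#!/bin/sh
# Added example: find every distinct copy of a command on a search path
# and show the SELinux label of each. Function names are hypothetical.

# selinux_label FILE: print the SELinux context, or "unlabeled" when
# the system or filesystem provides none (GNU stat prints "?" or fails).
selinux_label() {
    local ctx
    ctx=$(stat -c %C -- "$1" 2>/dev/null) || ctx=""
    case "$ctx" in ""|"?") echo "unlabeled" ;; *) echo "$ctx" ;; esac
}

# find_copies NAME [SEARCH_PATH]: print "path<TAB>label" per copy, in
# search order. Paths resolving to the same file (for example /sbin
# symlinked to /usr/sbin) are reported once.
find_copies() {
    local name="$1" search="${2:-$PATH}" dir real seen="|"
    local IFS=:
    for dir in $search; do
        [ -n "$dir" ] || continue
        [ -f "$dir/$name" ] && [ -x "$dir/$name" ] || continue
        real=$(readlink -f -- "$dir/$name") || continue
        case "$seen" in *"|$real|"*) continue ;; esac
        seen="$seen$real|"
        printf '%s\t%s\n' "$dir/$name" "$(selinux_label "$real")"
    done
}

# count_copies NAME [SEARCH_PATH]: print the number of distinct copies.
count_copies() {
    find_copies "$1" "${2:-$PATH}" | awk 'END { print NR }'
}

# report_copies NAME [SEARCH_PATH]: list the copies; return 1 if several.
report_copies() {
    local n
    n=$(count_copies "$1" "${2:-$PATH}")
    find_copies "$1" "${2:-$PATH}"
    if [ "$n" -gt 1 ]; then
        echo "WARNING: $n copies of '$1'; check which one the caller runs" >&2
        return 1
    fi
}

# The two directories named in the post.
report_copies ipset "/sbin:/usr/sbin" || true
```

On a system where /sbin is a symlink to /usr/sbin, the two paths resolve to one file and only one line is printed.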