selinux is denying iptables, how can I get the dhcp server working

Mads Kiilerich mads at kiilerich.com
Fri Nov 21 16:11:21 UTC 2008


Antonio Olivares wrote:
>>> I see the following:  
>>> type=1400 audit(1227217617.326:6): avc:  denied  {write } for  pid=10490 comm="iptables-save"
>>> path="/etc/sysconfig/iptables" dev=dm-0
>>> ino=28345626
>>> scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023
>>> tcontext=system_u:object_r:etc_t:s0 tclass=file
>> When? What command are you running?
>>
>> Have you tried "service iptables save"? What will
>> "ls -lZ /etc/sysconfig/iptables*" then show?
> [olivares at localhost ~]$ su -
> Password:
> [root at localhost ~]# ls -lZ /etc/sysconfig/iptables*
> -rw-------  root root system_u:object_r:etc_t          /etc/sysconfig/iptables
> -rw-------  root root system_u:object_r:etc_t          /etc/sysconfig/iptables~
> -rw-r--r--  root root system_u:object_r:etc_t          /etc/sysconfig/iptables-config
> -rw-------  root root unconfined_u:object_r:etc_runtime_t /etc/sysconfig/iptables.save
> [root at localhost ~]#

You only answered one of 3-4 questions. That makes it a bit difficult to 
help you.

Anyway... /etc/sysconfig/iptables.save was probably made by "service 
iptables save". Try it again. "ls -l /etc/sysconfig/iptables*" will show 
you if this saves to /etc/sysconfig/iptables. It probably does and you 
should be happy.

The message you got was probably caused by "iptables-save > 
/etc/sysconfig/iptables".

/Mads
