AVC Denied Dhcp and Iptables.

piotreek piotreek23 at gmail.com
Thu Jun 7 06:18:11 UTC 2007


Hi guys, I found some strange messages in my logs. It seems that SELinux is
blocking DHCP and iptables.
I found a similar post on the group about DHCP, but my messages are different. I am
using FC7. The latest policy update didn't resolve the problem.
P.S. I am using Firestarter as my firewall.
Have a look:

 Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:4): avc:  denied  {
execute } for  pid=1775 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:5): avc:  denied  {
getattr } for  pid=1775 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:6): avc:  denied  {
getattr } for  pid=1775 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:7): avc:  denied  {
execute } for  pid=1776 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:8): avc:  denied  {
getattr } for  pid=1776 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:9): avc:  denied  {
getattr } for  pid=1776 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:10): avc:  denied  {
execute } for  pid=1778 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:11): avc:  denied  {
getattr } for  pid=1778 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:12): avc:  denied  {
getattr } for  pid=1778 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.975:13): audit_pid=1863
old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0
Greetings, Peter
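The nine denials above reduce to one source/target pair once the mail-wrapped records are rejoined. The following triage sketch is an added example, not part of the original post; the helper names `unwrap` and `summarize` are hypothetical, and the sample is a constructed excerpt of the log lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the post above, still wrapped
# across lines the way the mail client wrapped them.
SAMPLE = """\
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:4): avc:  denied  {
execute } for  pid=1775 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.475:5): avc:  denied  {
getattr } for  pid=1775 comm="sh" name="iptables" dev=sdb1 ino=3793910
scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
Jun  7 08:08:54 c79-70 kernel: audit(1181196527.975:13): audit_pid=1863
old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin wrapped records; a syslog timestamp marks the start of a new one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Map (source type, target type, class, comm, name) -> set of denied permissions."""
    summary = defaultdict(set)
    for rec in unwrap(text):
        m = AVC.search(rec)
        if not m:
            continue  # non-AVC audit records (e.g. audit_pid=...) are skipped
        fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
        src, tgt = (fields[k].split(":")[2] for k in ("scontext", "tcontext"))
        key = (src, tgt, fields["tclass"], fields["comm"], fields["name"])
        summary[key].update(m.group(1).split())
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls, comm, name), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }} (comm={comm}, name={name})")
```

The single summary line shows a shell running in the DHCP client domain (`dhcpc_t`) trying to stat and execute the `iptables` binary, which is the fact to weigh before deciding whether policy should permit it.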


More information about the fedora-selinux-list mailing list