selinux is denying iptables, how can I get the dhcp server working
Mads Kiilerich
mads at kiilerich.com
Fri Nov 21 16:11:21 UTC 2008
Antonio Olivares wrote:
>>> I see the following:
>>> type=1400 audit(1227217617.326:6): avc: denied {write } for pid=10490 comm="iptables-save"
>>> path="/etc/sysconfig/iptables" dev=dm-0
>>> ino=28345626
>>> scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023
>>> tcontext=system_u:object_r:etc_t:s0 tclass=file
>>>
>>>
>>>
>> When? What command are you running?
>>
>> Have you tried "service iptables save"? What will
>> "ls -lZ /etc/sysconfig/iptables*" then show?
>>
> [olivares at localhost ~]$ su -
> Password:
> [root at localhost ~]# ls -lZ /etc/sysconfig/iptables*
> -rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables
> -rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables~
> -rw-r--r-- root root system_u:object_r:etc_t /etc/sysconfig/iptables-config
> -rw------- root root unconfined_u:object_r:etc_runtime_t /etc/sysconfig/iptables.save
> [root at localhost ~]#
>
You only answered one of 3-4 questions. That makes it a bit difficult to
help you.

Anyway... /etc/sysconfig/iptables.save was probably made by "service
iptables save". Try it again. "ls -l /etc/sysconfig/iptables*" will show
you if this saves to /etc/sysconfig/iptables. It probably does and you
should be happy.

The message you got was probably caused by "iptables-save >
/etc/sysconfig/iptables".

/Mads
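
Added example, not part of the original message: a small Python parser that splits the AVC denial quoted in this thread into its fields and compares the target type with the "ls -lZ" labels quoted above. The function names are illustrative, and both inputs are the thread's quoted lines with the "> " markers removed and the denial joined onto one line.

```python
import re

# Constructed input: the denial quoted in the thread, joined onto one line.
AVC = ('type=1400 audit(1227217617.326:6): avc: denied {write } for pid=10490 '
       'comm="iptables-save" path="/etc/sysconfig/iptables" dev=dm-0 ino=28345626 '
       'scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:etc_t:s0 tclass=file')
# Constructed input: the "ls -lZ" lines quoted in the thread.
LISTING = """\
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables~
-rw-r--r-- root root system_u:object_r:etc_t /etc/sysconfig/iptables-config
-rw------- root root unconfined_u:object_r:etc_runtime_t /etc/sysconfig/iptables.save
"""

def split_context(ctx):
    """user:role:type[:level] -> dict; the level is absent in this ls -lZ output."""
    parts = ctx.split(':', 3) + [None] * 4
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return permissions, key=value fields and split contexts of one denial."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        return None  # not a denial record
    rec = {'perms': m.group(1).split()}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', m.group(2)):
        rec[key] = quoted or bare
    for side in ('scontext', 'tcontext'):
        rec[side] = split_context(rec.get(side, ''))
    return rec

def parse_listing(text):
    """Map path -> SELinux type from 'mode user group context path' lines."""
    labels = {}
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5:
            labels[fields[4]] = split_context(fields[3])['type']
    return labels

def explain(rec, labels):
    # One-line summary: who was denied what, and the file's label on disk.
    return '{} in domain {} was denied {} on {} {} (target type {}, ls -lZ type {})'.format(
        rec.get('comm'), rec['scontext']['type'], '/'.join(rec['perms']),
        rec.get('tclass'), rec.get('path'), rec['tcontext']['type'],
        labels.get(rec.get('path')))

if __name__ == '__main__':
    print(explain(parse_avc(AVC), parse_listing(LISTING)))
```

The summary shows that the process named in the denial is iptables-save running in the iptables_t domain, and that the etc_t target type in the denial is the same label "ls -lZ" reports for /etc/sysconfig/iptables.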