Firestarter startup and FC4 SE Linux Errors - LONG

David Niemi drn_temp2 at
Fri Jul 1 19:43:24 UTC 2005

On Fri, 2005-01-07 at 07:26 -0400, David Niemi wrote:
> (Sorry for the length, I included all error messages)
> With the version of Firestarter from FC4 Extras myself and other users
> are experiencing starter up error messages with SE Linux though
> firestarter appears to start.
> There messages during bootup that permission is denied to:
> touch - touch /var/lock/firestarter
> remove - rm /var/lock/firestarter
> and that there is a "fatal error, your kernel does not support
> iptables".  At the end of this message is the errors from messages and I
> couldn't locate any corresponding entries in audit.  There could be
> audit entries but I couldn't tell from my VERY LIMITED SE Linux and
> audit knowledge.
> The latest policies update does not appear to have made a difference.
> The quick fix of coarse is to set enforcing=0 or using SELINUX=disabled
> in /etc/selinux/config, but this sort of defeats the purpose.  As a test
> I set enforcing=0 during a reboot and didn't get the boot errors though
> there was still many messages (appended) about permission denied
> in /var/log/messages.
Looks like this is not an SE Linux error.  Sorry guys.

On Fri, 2005-01-07 at 14:33 -0400, Mark Bidewell wrote:
> I tracked the problem with firestarter down to /etc/dhclient-exit-hooks 
> which contains the line "sh /etc/firestarter/ start" which 
> starts firestarter independed of the firestater init script.  Removing 
> this line solves the selinux errors and the firewall policy still seems 
> to be in effect.  I am theroizing that the line above is executed when 
> the dhclient daemon attempts to shutdown  as well as start thus 
> attempting to start the firewall while closing the interface.  I think 
> this is what selinux is flagging.  I haven't checked to see if there is 
> a reason for that command yet.

More information about the fedora-selinux-list mailing list