"service iptables stop" not working -- /proc/net unreadable

Colin Walters walters at redhat.com
Thu May 5 21:25:00 UTC 2005


On Thu, 2005-05-05 at 17:05 -0400, Chuck R. Anderson wrote:
> I had a problem disabling my iptables firewall today, and noticed that
> /proc/net being unreadable was the cause of "service iptables stop"
> not working.  I have an avc:
> 
> audit(1115326402.826:0): avc:  denied  { search } for  pid=5818 
> exe=/bin/tcsh name=net dev=proc ino=-268435434 
> scontext=user_u:system_r:unconfined_t 
> tcontext=system_u:object_r:proc_net_t tclass=dir

It's a bug in the policy.  It should allow unconfined_t access to
proc_net_t.
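An added example, not part of the original message or of the Fedora policy: it parses the AVC record quoted above and derives the type-enforcement rule that corresponds to the denied access, which is the kind of rule the reply says the policy is missing. The function names are hypothetical, and the sample string is the quoted record with the e-mail line wrapping joined.

```python
import re

# AVC record quoted in the message above, with the e-mail line wrapping joined.
SAMPLE = (
    "audit(1115326402.826:0): avc:  denied  { search } for  pid=5818 "
    "exe=/bin/tcsh name=net dev=proc ino=-268435434 "
    "scontext=user_u:system_r:unconfined_t "
    "tcontext=system_u:object_r:proc_net_t tclass=dir"
)

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")


def parse_avc(record):
    """Split one AVC record into decision, permissions and key=value fields."""
    m = AVC_RE.search(record)
    if m is None:
        raise ValueError("not an AVC record")
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    for key in ("scontext", "tcontext", "tclass"):
        if key not in fields:
            raise ValueError("AVC record lacks " + key)
    return {"decision": m.group(1), "perms": m.group(2).split(), "fields": fields}


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: " + context)
    return parts[2]


def allow_rule(record):
    """Build the type-enforcement rule that would permit a denied access."""
    avc = parse_avc(record)
    if avc["decision"] != "denied":
        raise ValueError("record is not a denial")
    f = avc["fields"]
    perms = " ".join(sorted(avc["perms"]))
    if len(avc["perms"]) > 1:
        perms = "{ " + perms + " }"  # several permissions use brace syntax
    return "allow {} {}:{} {};".format(
        context_type(f["scontext"]), context_type(f["tcontext"]), f["tclass"], perms)


if __name__ == "__main__":
    print(allow_rule(SAMPLE))
```

The derived rule covers only the permission logged in this one record; review any generated rule against the intent of the policy before loading it.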





More information about the fedora-selinux-list mailing list