iptables denied by selinux

Paul Howarth paul at city-fan.org
Thu Dec 11 09:38:09 UTC 2008


Antonio Olivares wrote:
> Dear all,
> 
> I have still yet to make the dhcpd server work because of selinux.  I have been patient, but I am getting frustrated :(
> 
> [olivares at localhost ~]$ dmesg | grep avc
> type=1400 audit(1228956840.530:4): avc:  denied  { write } for  pid=1499 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> [olivares at localhost ~]$ 
> 
> 
> I have already run touch /.autorelabel; reboot 
> and all of the other denials have been cleared but this one.  I am not yet taking selinux off or getting that desperate, because when I booted in enforcing=0 mode for other troubles, the dhcpd server still did not work, but the iptables message was still there :(
> 
> Please advise me, I do not want to throw in the towel yet!

Why do you think the DHCP server problem is SELinux related? The AVC 
here appears to be from starting the ip6tables service, and you say that 
the DHCP server still doesn't work in permissive mode...

What, if any, messages do you see in /var/log/messages from dhcpd?

Paul.
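
Added example, not part of the original message: a small parser for AVC denial lines that pulls out the command, source domain and target type, which is the attribution step the reply above relies on. The function names are hypothetical, and `dhcpd_t` as the DHCP server's domain is an assumption about the loaded policy; the sample line is the one quoted in the thread.

```python
import re

# The AVC record quoted in the thread, copied from the dmesg output above.
SAMPLE = ('type=1400 audit(1228956840.530:4): avc:  denied  { write } for  '
          'pid=1499 comm="ip6tables-resto" path="/0" dev=devpts ino=2 '
          'scontext=system_u:system_r:iptables_t:s0 '
          'tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; the third field is the type,
    # which for a process is the domain that was denied.
    rec['source_domain'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def denials_for_domain(lines, domain):
    """Keep only denials whose source domain matches, e.g. 'dhcpd_t' (assumed)."""
    parsed = (parse_avc(line) for line in lines)
    return [r for r in parsed if r and r['source_domain'] == domain]


if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(rec['comm'], rec['source_domain'], '->',
          rec['target_type'], rec['tclass'], rec['perms'])
    # No dhcpd_t entries: this denial belongs to the iptables domain.
    print('dhcpd_t denials:', len(denials_for_domain([SAMPLE], 'dhcpd_t')))
```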



