type=1400 audit(1226855594.878:4): avc: denied { write } for pid=1429 comm="ip6tables-resto"

Daniel J Walsh dwalsh at redhat.com
Mon Nov 17 14:36:20 UTC 2008


Antonio Olivares wrote:
> In trying to configure the server, iptables returns a selinux denial 
> 
> ip6_tables: (C) 2000-2006 Netfilter Core Team                                   
> type=1400 audit(1226855594.878:4): avc:  denied  { write } for  pid=1429 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file     
> 
> setroubleshooter has not kicked in, and it is configured to run:
> 
> [root@localhost ~]# chkconfig setroubleshoot --list
> setroubleshoot  0:off   1:off   2:off   3:on    4:on    5:on    6:off
> [root@localhost ~]#
> 
> 
> Thanks,
> 
> Antonio 
> 
# /sbin/service setroubleshoot status
# ps -eZ | grep seal

> type=1400 audit(1226855594.878:4): avc:  denied  { write } for
> pid=1429 comm="ip6tables-resto" path="/0" dev=devpts ino=2
> scontext=system_u:system_r:iptables_t:s0
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file

Probably needs a custom policy to allow it.  Not sure if this is really
necessary or if this could be dontaudited.
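
Added example, not part of the original message and not the SELinux project's own tooling: a small parser that turns the AVC record quoted in this thread into the two local-policy options the reply mentions, an allow rule or a dontaudit rule. The module name local_iptables is hypothetical.

```python
import re

# The denial quoted in this thread, copied from the message above.
AVC = ('type=1400 audit(1226855594.878:4): avc:  denied  { write } for  pid=1429 '
       'comm="ip6tables-resto" path="/0" dev=devpts ino=2 '
       'scontext=system_u:system_r:iptables_t:s0 '
       'tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file')

def parse_avc(line):
    """Return the fields of one AVC denial record, or None if it is not one."""
    head = re.search(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)', line)
    if head is None:
        return None
    fields = {'perms': sorted(head.group(1).split())}
    # key=value pairs; a value is either double-quoted or a bare token
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', head.group(2)):
        fields[key] = quoted or bare
    return fields

def selinux_type(context):
    """Type is the third field of user:role:type[:level]."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]

def perm_set(perms):
    return perms[0] if len(perms) == 1 else '{ %s }' % ' '.join(perms)

def te_rule(fields, keyword):
    """Render the denial as an 'allow' or 'dontaudit' rule."""
    if keyword not in ('allow', 'dontaudit'):
        raise ValueError('keyword must be allow or dontaudit')
    return '%s %s %s:%s %s;' % (
        keyword, selinux_type(fields['scontext']), selinux_type(fields['tcontext']),
        fields['tclass'], perm_set(fields['perms']))

def local_module(fields, keyword, name='local_iptables'):  # module name is hypothetical
    """Wrap the rule in a loadable-module source (.te) with its require block."""
    types = dict.fromkeys([selinux_type(fields['scontext']),
                           selinux_type(fields['tcontext'])])  # de-duplicated, ordered
    lines = ['module %s 1.0;' % name, '', 'require {']
    lines += ['\ttype %s;' % t for t in types]
    lines += ['\tclass %s %s;' % (fields['tclass'], perm_set(fields['perms'])), '}', '']
    return '\n'.join(lines + [te_rule(fields, keyword), ''])

if __name__ == '__main__':
    denial = parse_avc(AVC)
    print(local_module(denial, 'allow'))      # option 1: permit the write
    print(local_module(denial, 'dontaudit'))  # option 2: keep denying, stop logging
```

The allow variant is the rule audit2allow would derive from the same record; the dontaudit variant keeps the write denied and only suppresses the log entry.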



