selinux denies iptables

Antonio Olivares olivares14031 at yahoo.com
Mon Nov 24 13:57:15 UTC 2008


--- On Mon, 11/24/08, Daniel J Walsh <dwalsh at redhat.com> wrote:

> From: Daniel J Walsh <dwalsh at redhat.com>
> Subject: Re: selinux denies iptables
> To: olivares14031 at yahoo.com
> Cc: fedora-selinux-list at redhat.com
> Date: Monday, November 24, 2008, 5:27 AM
> 
> Antonio Olivares wrote:
> > Dear all,
> > 
> > I am still having trouble setting up the dhcp server because selinux denies iptables
> > 
> > type=1400 audit(1227530280.458:4): avc:  denied  { write } for  pid=1430 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> > 
> > Thanks in Advance,
> > 
> > Antonio 
> > 
> I would doubt this is actually blocking anything, but you can easily
> customize policy by executing:
> 
> 
> # grep iptables /var/log/audit/audit.log | audit2allow -M myiptables
> # semodule -i myiptables.pp
> 
> I have added the above rules to the next update of F9/F10 policy.

[olivares@localhost ~]$ su -
Password:
[root@localhost ~]# grep iptables /var/log/audit/audit.log | audit2allow -M myiptables
compilation failed:
myiptables.te:6:ERROR 'syntax error' at token '' on line 6:


/usr/bin/checkmodule:  error(s) encountered while parsing configuration
/usr/bin/checkmodule:  loading policy configuration from myiptables.te
[root@localhost ~]#

What do I do now?

Thanks,

Antonio 
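
What the audit2allow step quoted above derives from the denial, as an added example that is not part of the original thread and is not audit2allow's own code: a small parser (function names are this example's own) that turns a complete AVC record into the allow rule a generated module would grant, so the rule can be read before semodule -i loads it. The sample input is the thread's denial rejoined onto one line.

```python
import re

# Constructed input: the denial quoted in the thread, joined back onto one line.
SAMPLE_AVC = (
    'type=1400 audit(1227530280.458:4): avc:  denied  { write } for  pid=1430 '
    'comm="ip6tables-resto" path="/0" dev=devpts ino=2 '
    'scontext=system_u:system_r:iptables_t:s0 '
    'tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None if the record is unusable."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    try:
        # A context is user:role:type[:level]; the type is the third part.
        source = fields['scontext'].split(':')[2]
        target = fields['tcontext'].split(':')[2]
        tclass = fields['tclass']
    except (KeyError, IndexError):
        return None  # wrapped or truncated record: refuse to guess
    perms = m.group('perms').split()
    if not perms:
        return None
    return {'source_type': source, 'target_type': target,
            'tclass': tclass, 'perms': perms, 'comm': fields.get('comm')}


def allow_rule(avc):
    """Render the type-enforcement rule that would permit this denial."""
    perms = avc['perms']
    perm_txt = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow {} {}:{} {};'.format(
        avc['source_type'], avc['target_type'], avc['tclass'], perm_txt)


def rules_from_log(lines):
    """Distinct allow rules implied by the AVC denials found in `lines`."""
    rules = []
    for avc in filter(None, map(parse_avc, lines)):
        rule = allow_rule(avc)
        if rule not in rules:
            rules.append(rule)
    return rules
```

rules_from_log([SAMPLE_AVC]) yields the single rule for the denial in this thread; records that are wrapped or cut short are skipped rather than guessed at.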