Dear fellow selinux experts,
selinux is still denying iptables :(
type=1400 audit(1228351277.178:4): avc: denied { write } for pid=1351 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
It also interferes with the booting of newer kernel with many messages of denying stuff with Permission denied.
I'm just reporting this, I have this machine running rawhide and it was also to serve as a mini-dhcp server to get internet to the machines in the classroom. I got help from fedora-list to get the correct file and all, but selinux is denying this, and I have to keep trying to get it right, and for other people it just works.
Thanks,
Antonio
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
What policy are you seeing this with?
In F10 policy selinux-policy-3.5.13-26.fc10.noarch
I get
# audit2allow -w -i /tmp/t
type=1400 audit(1228351277.178:4): avc: denied { write } for pid=1351 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
    Was caused by:
        Unknown - would be allowed by active policy
        Possible mismatch between this policy and the one under which the audit message was generated.
        Possible mismatch between current in-memory boolean settings vs. permanent ones.
--- On Thu, 12/4/08, Daniel J Walsh dwalsh@redhat.com wrote:
From: Daniel J Walsh dwalsh@redhat.com
Subject: Re: selinux is denying iptables still :(
To: olivares14031@yahoo.com
Cc: fedora-selinux-list@redhat.com
Date: Thursday, December 4, 2008, 5:53 AM
What policy are you seeing this with?
[olivares@localhost ~]$ rpm -qa selinux-policy*
selinux-policy-3.6.1-1.fc11.noarch
selinux-policy-targeted-3.5.13-26.fc10.noarch
selinux-policy-targeted-3.6.1-1.fc11.noarch
Antonio Olivares wrote:
[olivares@localhost ~]$ rpm -qa selinux-policy*
selinux-policy-3.6.1-1.fc11.noarch
selinux-policy-targeted-3.5.13-26.fc10.noarch
selinux-policy-targeted-3.6.1-1.fc11.noarch
Ok fixed in selinux-policy-3.6.1-5.f11