On Thu, 2005-05-05 at 17:05 -0400, Chuck R. Anderson wrote:
> I had a problem disabling my iptables firewall today, and noticed that
> /proc/net being unreadable was the cause of "service iptables stop"
> not working. I have an avc:
>
> audit(1115326402.826:0): avc: denied { search } for pid=5818
> exe=/bin/tcsh name=net dev=proc ino=-268435434
> scontext=user_u:system_r:unconfined_t
> tcontext=system_u:object_r:proc_net_t tclass=dir

It's a bug in the policy. It should allow unconfined_t access to
proc_net_t.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
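
The access the reply says is missing can be read directly off the denial. The following Python is an added example, not part of the original message or of the Fedora policy: it parses AVC denials in the format quoted above and merges them into candidate `allow` rules, similar in spirit to audit2allow. The second denial and the `granted` line in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# First record: the denial quoted in the message, rejoined onto one line.
# Second record and the "granted" line are constructed for illustration.
SAMPLE_LOG = """\
audit(1115326402.826:0): avc: denied { search } for pid=5818 exe=/bin/tcsh name=net dev=proc ino=-268435434 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:proc_net_t tclass=dir
audit(1115326403.100:0): avc: denied { read getattr } for pid=5818 exe=/bin/tcsh name=net dev=proc ino=-268435434 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:proc_net_t tclass=dir
audit(1115326403.200:0): avc: granted { search } for pid=1 exe=/sbin/init scontext=system_u:system_r:init_t tcontext=system_u:object_r:proc_t tclass=dir
"""

AVC_DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for any other line."""
    match = AVC_DENIED.search(line)
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in KEY_VALUE.findall(match.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": match.group(1).split(),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }

def allow_rules(log_text):
    """Merge denials by (source, target, class) into candidate allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc:
            merged[(avc["source"], avc["target"], avc["tclass"])].update(avc["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules
```

For the denial in the message alone, `allow_rules` yields `allow unconfined_t proc_net_t:dir search;`, which is a candidate to review against the policy's intent before it is loaded.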