On Fri, 2005-01-07 at 07:26 -0400, David Niemi wrote: > (Sorry for the length, I included all error messages) > > With the version of Firestarter from FC4 Extras myself and other users > are experiencing starter up error messages with SE Linux though > firestarter appears to start. > > There messages during bootup that permission is denied to: > > touch - touch /var/lock/firestarter > remove - rm /var/lock/firestarter > > and that there is a "fatal error, your kernel does not support > iptables". At the end of this message is the errors from messages and I > couldn't locate any corresponding entries in audit. There could be > audit entries but I couldn't tell from my VERY LIMITED SE Linux and > audit knowledge. > > The latest policies update does not appear to have made a difference. > > The quick fix of coarse is to set enforcing=0 or using SELINUX=disabled > in /etc/selinux/config, but this sort of defeats the purpose. As a test > I set enforcing=0 during a reboot and didn't get the boot errors though > there was still many messages (appended) about permission denied > in /var/log/messages. > Looks like this is not an SE Linux error. Sorry guys. On Fri, 2005-01-07 at 14:33 -0400, Mark Bidewell wrote: > I tracked the problem with firestarter down to /etc/dhclient-exit-hooks > which contains the line "sh /etc/firestarter/firestarter.sh start" which > starts firestarter independed of the firestater init script. Removing > this line solves the selinux errors and the firewall policy still seems > to be in effect. I am theroizing that the line above is executed when > the dhclient daemon attempts to shutdown as well as start thus > attempting to start the firewall while closing the interface. I think > this is what selinux is flagging. I haven't checked to see if there is > a reason for that command yet. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list