> So I'm curious as to why this isn't working for you. Did the restorecon > command in fact change the label of the program to iptables_exec_t? Did > you get the same AVC message as before? > > Exactly the same message - no difference! I am willing to investigate this further to get to the bottom of it. When I do not have my custom .pp and FC tries to start the shorewall service it fails (sometimes it gives me the alert, some times it doesn't). When I try to execute "service shorewall start" (as root) it always fails and always gives me those alerts (as I mentioned they are exactly the same, but I will have a closer look again). I will post these logs again (+ what I am doing/executing) when I have the chance to get to it - later today may be. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
