Re: SELinux and Shorewall with IPSets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> So I'm curious as to why this isn't working for you.  Did the restorecon
> command in fact change the label of the program to iptables_exec_t?  Did
> you get the same AVC message as before?
>   
Mystery solved! I've had an inspiration this morning.

At the time I installed ipset at least 2 times (from Fedora Fusion as 
well as compiling it from source), so I assumed ipset was installed in 
the same location. 'whereis ipset' revealed that I have TWO copies: one 
in /sbin and another one (which I have 'used' up until now) in 
/usr/sbin. So, for some reason, even though I specified the executable 
in /usr/sbin to be executed in my shorewall init (the one with the 
'right' SELinux attributes) the executable in /sbin must have been 
picked somehow. When I removed the copy in /sbin and then rebooted - all 
was well and shorewall ran without any problems. Bizarre!
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux