> Might have been some merge issue with upstream policy.
>
> I think Fedora and refpolicy implement configfile each in a different
> way, this may (or may not) cause confusion when Fedora merges upstream
> refpolicy in its branch.
>

I am annoyed because I do not want to be dealing with issues which were 'resolved' nearly a year ago just to resurface again when I try to upgrade.

Anyway, I backed out of this upgrade because as it turns out there are also quite a few issues with compiling the kernel as well, so I may as well just wait until FC15 comes around - I do not normally follow even number Fedora upgrades, but do not know what possessed me over the xmas period to go for this upgrade...

> In my view allowing iptables to read all config files is sub-optimal.
>
> I would probably just allow:
>
> shorewall_read_config(iptables)
>

I did that as a temporary measure (added optional_policy statement with shorewall_read_config) to see if it is going to cure the problem - it did, though, as you put it above, it is not ideal.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux