On 12/28/2012 07:10 AM, Kristen R wrote:
I am finding after a reboot of my server these AVC denials:

type=AVC msg=audit(1356666298.031:40): avc: denied { read } for pid=2837 comm="iptables" path="inotify" dev=inotifyfs ino=337 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Installed is: selinux-policy-2.4.6-327.el5 on a CentOS 5.5 build with kernel 2.6.18-308.24.1.el5

Should this be allowed?

Kristen

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes, we allow it in Fedora/RHEL6. For now add a local policy with this rule and open a new bug for RHEL5.

# grep iptables /var/log/audit/audit.log | audit2allow -M myiptables
# semodule -i myiptables.pp

Regards,
Miroslav
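The pipeline in the reply above (grep the audit log, run audit2allow, load the module with semodule) turns each AVC record into a type-enforcement allow rule. The script below is an added example, not part of this thread and not the audit2allow tool itself: it parses AVC records in the format Kristen quoted and prints the allow rule audit2allow would generate, so the exact permissions a local module will grant can be reviewed before `semodule -i`. The audit log text is constructed from the record in the thread plus one extra denial for the same types; the `comm` filter mirrors the `grep iptables` step.

```python
import re

# Constructed sample log: the AVC record quoted in the thread, a second
# constructed denial for the same source/target types, and a SYSCALL
# record that must be ignored because it carries no denial.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1356666298.031:40): avc: denied { read } for pid=2837 comm="iptables" path="inotify" dev=inotifyfs ino=337 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=AVC msg=audit(1356666299.100:41): avc: denied { getattr } for pid=2837 comm="iptables" path="inotify" dev=inotifyfs ino=337 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1356666298.031:40): arch=40000003 syscall=5 success=no exit=-13 comm="iptables"
"""

AVC_RE = re.compile(
    r'type=AVC .*?avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
COMM_RE = re.compile(r'comm="(?P<comm>[^"]*)"')

def parse_avc(log_text, comm=None):
    """Yield (source_type, target_type, tclass, {perms}) per AVC denial.

    comm, when given, keeps only records from that process name, like
    the `grep iptables` in the thread.
    """
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no denial
        c = COMM_RE.search(line)
        if comm is not None and (c is None or c.group("comm") != comm):
            continue
        # A context is user:role:type[:range]; the type is field 2.
        stype = m.group("scontext").split(":")[2]
        ttype = m.group("tcontext").split(":")[2]
        yield stype, ttype, m.group("tclass"), set(m.group("perms").split())

def allow_rules(log_text, comm=None):
    """Merge denials into TE allow rules in audit2allow's output style."""
    merged = {}
    for stype, ttype, tclass, perms in parse_avc(log_text, comm):
        merged.setdefault((stype, ttype, tclass), set()).update(perms)
    rules = []
    for (stype, ttype, tclass), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE_AUDIT_LOG, comm="iptables"):
        print(rule)
```

Running it on the constructed log prints `allow iptables_t inotifyfs_t:dir { getattr read };`; on the thread's single record alone it prints `allow iptables_t inotifyfs_t:dir read;`.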