-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/01/2012 07:34 PM, Ed Greshko wrote: > On 10/01/2012 10:04 PM, Stephen John Smoogen wrote: >> On 30 September 2012 23:09, Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote: >>> I just started playing around with firewalld and I found something that >>> doesn't seem right to me. >>> >>> If any user starts firewall-applet and then selects "Block all network >>> traffic" it will do as asked without any prompt for root's password or >>> any other authentication. >>> >>> This seems crazy to me. >> Does the opposite work? Can the person turn off the firewall? >> > > I imagine that the on/off setting is what is labeled "Shields UP". Not > sure of their jargon. But, here is the "strange" thing. > > When the applet is started the "Shields UP" is unchecked. But, for sure > the firewall is running. > > If you check the box, you get an authentication dialog. If you hit > "cancel" I would expect the box to remain unchecked. However, it switches > to being checked....even though nothing is done. > > Checking the box and providing the root password results in a error message > (iptables: Invalid argument) in the terminal where the applet was started > as well as an selinux AVC denial. > > Uggh... > What is the SELinux denial? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBrOCYACgkQrlYvE4MpobMB0ACgu8oRT+gB7dEVxwOeU5poB/RW 2wQAn2YYklfdRyx9vL8unoN5aeeVqWX3 =hdG/ -----END PGP SIGNATURE----- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
