Re: firewalld this doesn't seem right....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/01/2012 07:34 PM, Ed Greshko wrote:
> On 10/01/2012 10:04 PM, Stephen John Smoogen wrote:
>> On 30 September 2012 23:09, Ed Greshko <Ed.Greshko@xxxxxxxxxxx> wrote:
>>> I just started playing around with firewalld and I found something that
>>> doesn't seem right to me.
>>> 
>>> If any user starts firewall-applet and then selects "Block all network
>>> traffic" it will do as asked without any prompt for root's password or
>>> any other authentication.
>>> 
>>> This seems crazy to me.
>> Does the opposite work? Can the person turn off the firewall?
>> 
> 
> I imagine that the on/off setting is what is labeled "Shields UP".  Not
> sure of their jargon.  But, here is the "strange" thing.
> 
> When the applet is started the "Shields UP" is unchecked.  But, for sure
> the firewall is running.
> 
> If you check the box, you get an authentication dialog.  If you hit
> "cancel" I would expect the box to remain unchecked.  However, it switches
> to being checked....even though nothing is done.
> 
> Checking the box and providing the root password results in a error message
> (iptables: Invalid argument) in the terminal where the applet was started
> as well as an selinux AVC denial.
> 
> Uggh...
> 
What is the SELinux denial?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBrOCYACgkQrlYvE4MpobMB0ACgu8oRT+gB7dEVxwOeU5poB/RW
2wQAn2YYklfdRyx9vL8unoN5aeeVqWX3
=hdG/
-----END PGP SIGNATURE-----
-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux