--- On Thu, 11/20/08, Mads Kiilerich <mads@xxxxxxxxxxxxx> wrote:
> From: Mads Kiilerich <mads@xxxxxxxxxxxxx>
> Subject: Re: selinux is denying iptables, how can I get the dhcp server working
> To: "For testers of Fedora Core development releases" <fedora-test-list@xxxxxxxxxx>
> Date: Thursday, November 20, 2008, 5:29 PM
> > I see the following:
> > type=1400 audit(1227217617.326:6): avc: denied {
> write } for pid=10490 comm="iptables-save"
> path="/etc/sysconfig/iptables" dev=dm-0
> ino=28345626
> scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:etc_t:s0 tclass=file
> >
>
> When? What command are you running?
>
> Have you tried "service iptables save"? What will
> "ls -lZ /etc/sysconfig/iptables*" then show?
>
> /Mads
> --
> fedora-test-list mailing list
> fedora-test-list@xxxxxxxxxx
> To unsubscribe:
> https://www.redhat.com/mailman/listinfo/fedora-test-list
[olivares@localhost ~]$ su -
Password:
[root@localhost ~]# ls -lZ /etc/sysconfig/iptables*
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables~
-rw-r--r-- root root system_u:object_r:etc_t /etc/sysconfig/iptables-config
-rw------- root root unconfined_u:object_r:etc_runtime_t /etc/sysconfig/iptables.save
[root@localhost ~]#
Thanks,
Antonio
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
