Antonio Olivares wrote:
I see the following:
type=1400 audit(1227217617.326:6): avc: denied {write } for pid=10490 comm="iptables-save" path="/etc/sysconfig/iptables" dev=dm-0 ino=28345626 scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file

When? What command are you running?
Have you tried "service iptables save"? What will
"ls -lZ /etc/sysconfig/iptables*" then show?

[olivares@localhost ~]$ su -
Password:
[root@localhost ~]# ls -lZ /etc/sysconfig/iptables*
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables~
-rw-r--r-- root root system_u:object_r:etc_t /etc/sysconfig/iptables-config
-rw------- root root unconfined_u:object_r:etc_runtime_t /etc/sysconfig/iptables.save
[root@localhost ~]#

You only answered one of 3-4 questions. That makes it a bit difficult to
help you.

Anyway... /etc/sysconfig/iptables.save was probably made by "service
iptables save". Try it again. "ls -l /etc/sysconfig/iptables*" will show
you if this saves to /etc/sysconfig/iptables. It probably does and you
should be happy.

The message you got was probably caused by "iptables-save >
/etc/sysconfig/iptables".

/Mads
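
Added example, not part of the thread or of either poster's message: a Python sketch that parses the AVC record quoted above and cross-checks its target label against the "ls -lZ" listing. The function names are hypothetical; the two input strings are copied from the thread, with the wrapped AVC record rejoined onto one line.

```python
import re

# Inputs copied from the thread; the wrapped AVC record is rejoined onto one line.
AVC = ('type=1400 audit(1227217617.326:6): avc: denied {write } for pid=10490 '
       'comm="iptables-save" path="/etc/sysconfig/iptables" dev=dm-0 ino=28345626 '
       'scontext=unconfined_u:unconfined_r:iptables_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:etc_t:s0 tclass=file')
LS_Z = """\
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables
-rw------- root root system_u:object_r:etc_t /etc/sysconfig/iptables~
-rw-r--r-- root root system_u:object_r:etc_t /etc/sysconfig/iptables-config
-rw------- root root unconfined_u:object_r:etc_runtime_t /etc/sysconfig/iptables.save
"""

def split_context(ctx):
    # user:role:type[:level]; the MLS level may itself contain ':' (s0-s0:c0.c1023).
    user, role, typ, *level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": typ, "level": level[0] if level else None}

def parse_avc(line):
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        raise ValueError("not an AVC record")
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))}
    rec.update(result=m.group(1), perms=m.group(2).split())
    for key in ("scontext", "tcontext"):
        rec[key] = split_context(rec[key])
    return rec

def parse_ls_z(text):
    # Listing rows as shown in the thread: mode, owner, group, context, path.
    rows = (r.split(None, 4) for r in text.splitlines())
    return {p[4]: split_context(p[3]) for p in rows if len(p) == 5}

def explain(avc_line, ls_text):
    avc, labels = parse_avc(avc_line), parse_ls_z(ls_text)
    target = avc["tcontext"]["type"]
    on_disk = labels.get(avc["path"])
    return {
        "domain": avc["scontext"]["type"],        # who was denied
        "perms": avc["perms"],                    # what was denied
        "target_type": target,                    # label the kernel saw on the file
        "label_matches_ls": bool(on_disk) and on_disk["type"] == target,
        "differently_labelled": {p: c["type"] for p, c in labels.items() if c["type"] != target},
    }

if __name__ == "__main__":
    for key, value in explain(AVC, LS_Z).items():
        print(f"{key}: {value}")
```

On the thread's own data this reports that the iptables_t domain was denied write on a file labelled etc_t, and that the only listed file with a different type is /etc/sysconfig/iptables.save.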
--
fedora-test-list mailing list