List: gentoo-hardened
Subject: [gentoo-hardened] SELinux and iptables.
From: xake () rymdraket ! net
Date: 2008-02-24 22:34:47
Message-ID: 24213.193.11.246.158.1203892487.squirrel () webmail ! rymdraket ! net
iptables does not work for me in SELinux with the default configuration.
To be precise, '/etc/init.d/iptables save' fails to write the rules to
'/var/lib/iptables/rules-save'.
In fact, if I do not disable enforcing, that file ends up empty no matter
whether I had anything in it before.
dmesg leaves me with the following:
audit(1203892287.176:2148): avc: denied { write } for pid=10909
comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3
ino=26181655 scontext=user_u:system_r:iptables_t
tcontext=user_u:object_r:var_lib_t tclass=file
audit(1203892287.176:2149): avc: denied { getattr } for pid=10909
comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3
ino=26181655 scontext=user_u:system_r:iptables_t
tcontext=user_u:object_r:var_lib_t tclass=file
So is this something gentoo-wise or just my system?
Is there any other place that configuration file is meant to be placed
(according to the policies), or do I have to make a local exception in the
policy?
//Peter
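The two AVC records quoted in the post, parsed and condensed into the single allow rule that audit2allow would derive from them. This is an added example, not code from the post or from Gentoo; the records are re-joined into one line each because the mail client wrapped them.

```python
import re
from collections import defaultdict

# The two AVC records quoted in the post, re-joined into one line each
# (the mail client wrapped them).
AVC_LINES = [
    'audit(1203892287.176:2148): avc: denied { write } for pid=10909 '
    'comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3 '
    'ino=26181655 scontext=user_u:system_r:iptables_t '
    'tcontext=user_u:object_r:var_lib_t tclass=file',
    'audit(1203892287.176:2149): avc: denied { getattr } for pid=10909 '
    'comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3 '
    'ino=26181655 scontext=user_u:system_r:iptables_t '
    'tcontext=user_u:object_r:var_lib_t tclass=file',
]

# avc: denied { perm ... } for key=value key="quoted value" ...
AVC_RE = re.compile(r'avc:\s+(?P<verdict>denied|granted)\s+'
                    r'\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Verdict, permissions and key=value fields of one AVC record,
    or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec = {'verdict': m.group('verdict'), 'perms': m.group('perms').split()}
    for key in ('scontext', 'tcontext', 'tclass', 'comm', 'path'):
        rec[key] = fields.get(key)
    return rec

def type_of(context):
    """user:role:type[:level] -> the type, which is what policy rules name."""
    return context.split(':')[2]

def summarise(lines):
    """Group denials by (source type, target type, class), merge their
    permissions and render each group as an allow rule in policy syntax,
    which is what audit2allow would print for the same records."""
    groups = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec['verdict'] != 'denied':
            continue
        key = (type_of(rec['scontext']), type_of(rec['tcontext']), rec['tclass'])
        groups[key].update(rec['perms'])
    return ['allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(perms)))
            for (s, t, c), perms in sorted(groups.items())]
```

Before adding such a rule, check the file's label with `ls -Z` and compare it with the policy's file contexts using `restorecon -nv`: a denial whose target carries a generic type such as var_lib_t usually points at a mislabelled file rather than a gap in the policy.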