
List:       gentoo-hardened
Subject:    [gentoo-hardened] SELinux and iptables.
From:       xake () rymdraket ! net
Date:       2008-02-24 22:34:47
Message-ID: 24213.193.11.246.158.1203892487.squirrel () webmail ! rymdraket ! net

Iptables does not work for me in selinux with the default configuration.
To be precise '/etc/init.d/iptables save' fails to write the rules to
'/var/lib/iptables/rules-save'.

In fact if I do not disable enforcing that file ends up empty no matter if
I had or had not anything in it before.

dmesg leaves me with the following:
audit(1203892287.176:2148): avc:  denied  { write } for  pid=10909
comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3
ino=26181655 scontext=user_u:system_r:iptables_t
tcontext=user_u:object_r:var_lib_t tclass=file
audit(1203892287.176:2149): avc:  denied  { getattr } for  pid=10909
comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3
ino=26181655 scontext=user_u:system_r:iptables_t
tcontext=user_u:object_r:var_lib_t tclass=file

So is this something gentoo-wise or just my system?
Is there any other place that configuration file is meant to be placed
(according to the policies) or do I have to make a local exception in the
policy?

//Peter

-- 
gentoo-hardened@lists.gentoo.org mailing list
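As an added example (not from the post or the Gentoo project), a small Python parser for AVC denial records like the two quoted above. It extracts the fields and groups the denied permissions by source type, target type and object class, which is the first thing to look at before deciding between relabeling the file and writing a local policy module. The sample input is the post's two records reflowed onto one line each.

```python
import re
from collections import defaultdict

# Constructed sample input: the two AVC records from the message above,
# each reflowed onto a single line as dmesg prints them.
SAMPLE_DMESG = """
audit(1203892287.176:2148): avc:  denied  { write } for  pid=10909 comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3 ino=26181655 scontext=user_u:system_r:iptables_t tcontext=user_u:object_r:var_lib_t tclass=file
audit(1203892287.176:2149): avc:  denied  { getattr } for  pid=10909 comm="iptables-save" path="/var/lib/iptables/rules-save" dev=md3 ino=26181655 scontext=user_u:system_r:iptables_t tcontext=user_u:object_r:var_lib_t tclass=file
"""

# "avc: denied { perm perm } for key=value ..." (search, not match, so a
# kernel timestamp prefix before "audit(" does not matter).
AVC_RE = re.compile(
    r'avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+'
    r'(?P<fields>.*)$'
)
# key=value pairs; values are either double-quoted or a run of non-space chars.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"decision": m.group("decision"),
           "perms": set(m.group("perms").split())}
    for key, val in KV_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def type_of(context):
    """user_u:object_r:var_lib_t -> var_lib_t (the type is the third field)."""
    return context.split(":")[2]


def summarize_denials(text):
    """Group denied permissions by (source type, target type, object class)."""
    summary = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["decision"] == "denied":
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
            summary[key] |= rec["perms"]
    return dict(summary)


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize_denials(SAMPLE_DMESG).items():
        print(f"{src} -> {tgt} ({cls}): {' '.join(sorted(perms))}")
```

For the post's records this yields a single row, iptables_t -> var_lib_t (file): getattr write, showing that the file carries the generic var_lib_t label rather than one the iptables domain is allowed to write.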
