Bug 1434727
Summary: | systemctl mask iptables fails with "Failed to execute operation: Access denied" | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Akmal Avloni <akmal.avloni86> | ||||
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.3 | CC: | lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-07-17 14:02:20 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
I believe this bug is a duplicate of BZ#1337041. (In reply to Milos Malik from comment #2) > I believe this bug is a duplicate of BZ#1337041. Yep. Same problem which is why I listed it as related. It's affecting 7.3 and that bug doesn't list 7.3. If there's anything I can provide from logs, etc... to help, let me know... Best Regards, Akmal Avloni *** This bug has been marked as a duplicate of bug 1337041 *** |
Created attachment 1265333 [details] screenshot Description of problem: selinux is preventing masking of iptables. It's useful to mask iptables. Issues arise from starting iptables when firewalld is active. Version-Release number of selected component (if applicable): 7.3.1611 How reproducible: All instances I tried reproduced it. Steps to Reproduce: 1. Update CentOS to latest (7.3.1611) 2. run systemctl mask iptables 3. Actual results: Iptables service is not masked, you get "Failed to execute operation: Access denied" Expected results: Iptables service should be masked, you should get "Created symlink from /etc/systemd/system/iptables.service to /dev/null" Additional info: Other services could be masked without issues(example network.service, postfix.service, rhnsd.service). Putting SELINUX in permissive mode allows masking of iptables.