Bug 1436904
Summary: | iptables cannot access /run/xtables.lock | |
---|---|---|---
Product: | Red Hat Enterprise Linux 7 | Reporter: | Steven Haigh <netwiz>
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec>
Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security>
Severity: | unspecified | Docs Contact: |
Priority: | unspecified | |
Version: | 7.3 | CC: | james.edington, lvrabec, mgrepl, mmalik, netwiz, plautrba, pvrabec, ssekidde
Target Milestone: | rc | |
Target Release: | --- | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | selinux-policy-3.13.1-141 | Doc Type: | If docs needed, set a value
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2017-04-10 15:29:03 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Attachments: | | |
Description
Steven Haigh
2017-03-29 01:11:03 UTC
Interestingly, the following resets fine and removes the error until the next boot:

```
$ restorecon -v /run/xtables.lock
restorecon reset /run/xtables.lock context system_u:object_r:var_run_t:s0->system_u:object_r:iptables_var_run_t:s0
```

Could it be a priority issue where we match var_run_t instead of iptables_var_run_t on file creation?

I believe this bug is a duplicate of BZ#1376343. Unfortunately, this bug is not fixed in any RHEL-7.3.z.

I can't assist there: You are not authorized to access bug #1376343.

After reviewing, this does seem to be the same problem. Happy to mark as duplicate and close this if you wish?

This doesn't seem to have been fixed yet. I'm experiencing it on selinux-policy-3.13.1-266.el7 on RHEL 7.7. Also, nobody in our company can access the bug this has been listed as a "duplicate" of.

Created attachment 1710572: systemd service to reset the permissions on xtables.lock

This fixed it for our systems, where we deduced it's a McAfee x SELinux bug that impacts iptables.
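As an added example (not the attachment from this bug, whose contents are not reproduced here), a shell script that checks the type field of the lock file's SELinux context and applies the same restorecon fix shown above when the file was created as plain var_run_t. It assumes GNU stat (its %C format prints the context) and restorecon, and is meant to run as root, e.g. from a oneshot systemd unit ordered before iptables starts.

```shell
#!/bin/sh
# Added example, not the bug's attachment: re-label /run/xtables.lock
# when it carries var_run_t instead of iptables_var_run_t.
# Assumes GNU stat (%C = SELinux context) and restorecon are available.

LOCK_FILE=/run/xtables.lock
EXPECTED_TYPE=iptables_var_run_t   # the type restorecon restores in the report

# Third field of a context string:
#   system_u:object_r:var_run_t:s0 -> var_run_t
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Returns 0 when the context carries the expected type, 1 otherwise.
label_is_expected() {
    [ "$(context_type "$1")" = "$EXPECTED_TYPE" ]
}

# Inspect the live lock file and relabel it only if needed.
# Returns 0 when nothing had to be done or restorecon succeeded.
fix_xtables_lock_label() {
    if [ ! -e "$LOCK_FILE" ]; then
        echo "$LOCK_FILE does not exist yet; nothing to do"
        return 0
    fi
    ctx=$(stat -c %C "$LOCK_FILE") || return 1
    if label_is_expected "$ctx"; then
        echo "$LOCK_FILE already labelled $ctx"
        return 0
    fi
    echo "$LOCK_FILE has type $(context_type "$ctx"), expected $EXPECTED_TYPE"
    restorecon -v "$LOCK_FILE"
}

# Act only when invoked with --run, so the file can also be sourced.
case "${1:-}" in
    --run) fix_xtables_lock_label ;;
esac
```

Invoke it as `sh fix-xtables-lock.sh --run` from the unit's ExecStart; the script is idempotent, so running it on every boot is harmless.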