Bug 1776873 - Incorrect context applied to /etc/sysconfig/iptables.save
Summary: Incorrect context applied to /etc/sysconfig/iptables.save
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: selinux-policy
Version: 8.2
Hardware: All
OS: Linux
Target Milestone: rc
Target Release: 8.3
Assignee: Zdenek Pytela
QA Contact: Milos Malik
Jan Fiala
Depends On: 1733542
Blocks: 1825061
Reported: 2019-11-26 14:10 UTC by Francisco Peralta
Modified: 2020-11-04 21:36 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
.`IPTABLES_SAVE_ON_STOP` now works correctly
Previously, the `IPTABLES_SAVE_ON_STOP` feature of the `iptables` service did not work because files with saved IP tables content received incorrect SELinux context. This prevented the `iptables` script from changing permissions, and the script subsequently failed to save the changes. This update defines a proper context for the `iptables.save` and `ip6tables.save` files, and creates a filename transition rule. As a consequence, the `IPTABLES_SAVE_ON_STOP` feature of the `iptables` service works correctly.
Clone Of: 1733542
Last Closed: 2020-11-04 01:55:53 UTC
Type: Bug
Target Upstream Version:


System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1733542 | 0 | medium | CLOSED | Incorrect context applied to /etc/sysconfig/iptables.save | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHBA-2020:4528 | 0 | None | None | None | 2020-11-04 01:56:19 UTC

Comment 1 Phil Sutter 2019-11-30 15:21:29 UTC
Reassigning to the (hopefully) right component.

Comment 19 errata-xmlrpc 2020-11-04 01:55:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (selinux-policy bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.
