Bug 216072 - SELinux is preventing /sbin/iptables (iptables_t) "use" to /dev/null (pppd_t).
SELinux is preventing /sbin/iptables (iptables_t) "use" to /dev/null (pppd_t).
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-11-16 23:13 EST by David Mohring
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-09-12 13:08:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Mohring 2006-11-16 23:13:48 EST
Description of problem:

Version-Release number of selected component (if applicable):

Affected RPM Packagesiptables-1.3.5-1.2.1 
Policy RPM   selinux-policy-2.4.3-2.fc6

( Selinux EnabledTrue
Policy Type  targeted
MLS Enabled  TrueEnforcing 
Mode Enforcing )

How reproducible:


Steps to Reproduce:
1. xDSL connection times out
2. xDSL reconnections
3. iptables reloaded for new ppp connection
Actual results:
avc: denied { use } for comm='"iptables"' dev='tmpfs' egid='0' euid='0'
exe='"/sbin/iptables"' exit='0' fsgid='0' fsuid='0' gid='0' items='0'
name='"null"' path='"/dev/null"' pid='19669'
scontext=system_u:system_r:iptables_t:s0 sgid='0'
subj='system_u:system_r:iptables_t:s0' suid='0' tclass='fd'
tcontext=system_u:system_r:pppd_t:s0 tty='(none)' uid='0' 

Repeated until I run 
# restorecon -v /dev/null 

Expected results:

No SELinux conflict

Additional info:

I'm using firestarter-1.0.3-14.fc6 from extras, but manually restarting iptables
 produces the same error messages.
Comment 1 Daniel Walsh 2006-11-17 13:10:06 EST
Fixed in selinux-policy-2.4.5-1
Comment 2 Ronald Pacheco 2007-06-28 08:30:41 EDT
*** Bug 223289 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2007-09-12 13:08:12 EDT
Moving modified bugs to closed

Note You need to log in before you can comment on or make changes to this bug.