First Last Prev Next    This bug is not in your last search results.
Bug 216072 - SELinux is preventing /sbin/iptables (iptables_t) "use" to /dev/null (pppd_t).
SELinux is preventing /sbin/iptables (iptables_t) "use" to /dev/null (pppd_t).
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-16 23:13 EST by David Mohring
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-12 13:08:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description David Mohring 2006-11-16 23:13:48 EST 
Description of problem:


Version-Release number of selected component (if applicable):

Affected RPM Packagesiptables-1.3.5-1.2.1 
Policy RPM   selinux-policy-2.4.3-2.fc6

( Selinux EnabledTrue
Policy Type  targeted
MLS Enabled  TrueEnforcing 
Mode Enforcing )

How reproducible:

Very

Steps to Reproduce:
1. xDSL connection times out
2. xDSL reconnections
3. iptables reloaded for new ppp connection
  
Actual results:
 
avc: denied { use } for comm='"iptables"' dev='tmpfs' egid='0' euid='0'
exe='"/sbin/iptables"' exit='0' fsgid='0' fsuid='0' gid='0' items='0'
name='"null"' path='"/dev/null"' pid='19669'
scontext=system_u:system_r:iptables_t:s0 sgid='0'
subj='system_u:system_r:iptables_t:s0' suid='0' tclass='fd'
tcontext=system_u:system_r:pppd_t:s0 tty='(none)' uid='0' 

Repeated until I run 
# restorecon -v /dev/null 

Expected results:

No SELinux conflict

Additional info:

I'm using firestarter-1.0.3-14.fc6 from extras, but manually restarting iptables
 produces the same error messages.
Comment 1 Daniel Walsh 2006-11-17 13:10:06 EST 
Fixed in selinux-policy-2.4.5-1
Comment 2 Ronald Pacheco 2007-06-28 08:30:41 EDT 
*** Bug 223289 has been marked as a duplicate of this bug. ***
Comment 3 Daniel Walsh 2007-09-12 13:08:12 EDT 
Moving modified bugs to closed
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.