Bug 445525 - SELinux is preventing iptables (iptables_t) "read write" to socket (unconfined_t)
SELinux is preventing iptables (iptables_t) "read write" to socket (unconfine...
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-05-07 08:34 EDT by Akira TAGOH
Modified: 2008-05-07 11:09 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-07 11:09:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Akira TAGOH 2008-05-07 08:34:11 EDT
Description of problem:
The following messages appears by disabling/enabling firewall on

type=AVC msg=audit(1210163156.386:110): avc:  denied  { read write } for  pid=71
01 comm="iptables" path="socket:[39235]" dev=sockfs ino=39235 scontext=unconfine
d_u:system_r:iptables_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0
:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1210163156.386:110): arch=c000003e syscall=59 success=yes
 exit=0 a0=1e2fea0 a1=1ded460 a2=1de9be0 a3=7fffeaa0fe20 items=0 ppid=7091 pid=7
101 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4 comm="iptables" exe="/sbin/iptables" subj=unconfined_u:system_r:iptables_t
:s0 key=(null)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.run system-config-firewall on Enforcing mode
2.press Enable/Disable button
Comment 1 Daniel Walsh 2008-05-07 08:57:51 EDT
You can safely ignore this.

Nalin, do you think this could be consolehelper leaking a file descriptor?

Akira how do you have authentication setup?  ldap? NIS? Local Password?
Comment 2 Akira TAGOH 2008-05-07 09:16:27 EDT
Only local password is setting up here.
Comment 3 Daniel Walsh 2008-05-07 11:09:05 EDT
Fixed in selinux-policy-3.3.1-47.fc10.src.rpm

Note You need to log in before you can comment on or make changes to this bug.