Description of problem:
This is awfully weird. iptables-save will, as expected, dump the current firewall rules to stdout. However, I get an empty file when I try to redirect that output to a file. I'm doing this as root, I'm not overwriting an existing file, and the filesystem is not full. If I pipe the output of iptables-save through cat first, the result makes it to the file:

    [root@test sysconfig]# iptables-save | cat >foo

This happens on both of my 64-bit F10 systems, but not on my 32-bit systems.

Version-Release number of selected component (if applicable):
iptables-1.4.1.1-2.fc10.x86_64

How reproducible:
Always, on 64-bit systems.

Steps to Reproduce:
1. iptables-save
2. iptables-save >foo

Actual results:
foo is an empty file, instead of containing the output of iptables-save

Expected results:
foo should contain the output you'd get from running iptables-save
This is a SELinux problem. Assigning to selinux-policy-targeted.
Miroslav, I think we should not label iptables-save as iptables_exec_t.

Change iptables.fc to look like

    /sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
    /sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
    /sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)

Joel, if you run

    chcon -t bin_t /sbin/iptables-save

it should fix the problem.
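An added example, not part of the original bug thread or of the selinux-policy source: a small Python parser for the three proposed iptables.fc entries that checks which /sbin paths they would still label iptables_exec_t. The helper names and the sample paths are assumptions made for illustration.

```python
import re

# The three entries proposed in the comment above, copied verbatim.
PROPOSED_FC = """\
/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
"""

# <path regex> [file-type flag] gen_context(<user:role:type>,<level>)
# "--" restricts the entry to regular files; "-d" would mean directories, etc.
FC_LINE = re.compile(
    r"^(?P<path>\S+)\s+(?:(?P<ftype>-[-dbclsp])\s+)?"
    r"gen_context\((?P<context>[^,]+),(?P<level>[^)]+)\)$"
)

def parse_fc(text):
    """Parse .fc source lines into (compiled regex, ftype flag, type) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FC_LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable file-context line: {line!r}")
        setype = m["context"].split(":")[2]
        entries.append((re.compile(m["path"]), m["ftype"], setype))
    return entries

def type_for(path, entries, ftype="--"):
    """Return the type assigned by a matching entry, or None if none match.

    File-context regexes are anchored at both ends, hence fullmatch().
    These three entries never overlap, so match precedence does not matter.
    """
    for regex, flag, setype in entries:
        if flag in (None, ftype) and regex.fullmatch(path):
            return setype
    return None

ENTRIES = parse_fc(PROPOSED_FC)

if __name__ == "__main__":
    # Sample paths chosen for illustration (an assumption, not from the policy).
    for tool in ("iptables", "ip6tables", "iptables-restore",
                 "iptables-multi", "iptables-save", "ip6tables-save"):
        path = "/sbin/" + tool
        print(f"{path:26} {type_for(path, ENTRIES) or '(no match in these entries)'}")
```

With these entries, iptables-save and ip6tables-save match nothing, so they no longer receive iptables_exec_t from iptables.fc.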
Fixed in selinux-policy-3.5.13-56.fc10
I've verified that this is fixed in selinux-policy-3.5.13-61.fc10, and also in selinux-policy-3.6.12-50.fc11. Thanks!
Thanks for confirmation