Summary:

SELinux is preventing ip6tables-resto (iptables_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by ip6tables-resto. It is not expected that
this access is required by ip6tables-resto and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:iptables_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0
Target Objects                socket [ unix_stream_socket ]
Source                        iptables
Source Path                   /sbin/iptables
Port                          <Unknown>
Host                          home.69isfine.com
Source RPM Packages           iptables-ipv6-1.4.1.1-2.fc10
Target RPM Packages
Policy RPM                    selinux-policy-3.5.13-57.fc10
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     home.69isfine.com
Platform                      Linux home.69isfine.com 2.6.27.21-170.2.56.fc10.i686 #1 SMP Mon Mar 23 23:37:54 EDT 2009 i686 i686
Alert Count                   54
First Seen                    Wed 29 Apr 2009 08:33:59 PM PDT
Last Seen                     Wed 29 Apr 2009 08:37:50 PM PDT
Local ID                      f4851bea-d166-4ec4-8ce0-df5889f67997
Line Numbers

Raw Audit Messages

node=home.69isfine.com type=AVC msg=audit(1241062670.394:404): avc: denied { read write } for pid=16951 comm="ip6tables-resto" path="socket:[391123]" dev=sockfs ino=391123 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket

node=home.69isfine.com type=SYSCALL msg=audit(1241062670.394:404): arch=40000003 syscall=11 success=yes exit=0 a0=94dfda8 a1=94e0080 a2=94bb370 a3=0 items=0 ppid=16940 pid=16951 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ip6tables-resto" exe="/sbin/ip6tables-restore" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
How did you trigger this? It looks like a leaked file descriptor, potentially from Konsole. Are you using the KDE Konsole for terminal access? Or did you use some GUI tool to trigger this AVC? It can safely be ignored, as I am sure the iptables command succeeded and SELinux just closed the leak.
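The reply's diagnosis can be checked mechanically from the raw audit messages: the AVC is on a unix_stream_socket the process inherited (path="socket:[...]"), the paired SYSCALL record is execve (syscall 11 on arch 40000003, i386) and it reports success=yes, so the denial was SELinux closing a descriptor leaked across the domain transition into iptables_t rather than iptables being blocked. The script below is an added example and is not part of the bug report or of setroubleshoot; it parses the two records quoted above plus a constructed httpd record (a genuine open() denial) as a negative case, pairs AVC and SYSCALL by audit serial, and classifies each event. The execve syscall-number table and the set of descriptor-like object classes are assumptions I chose for illustration; allow_rule() shows the kind of rule audit2allow would emit, which for the leaked-descriptor case is exactly what you should not install.

```python
"""Triage raw SELinux audit records: leaked fd closed at exec, or real denial?"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: serial 404 is the AVC/SYSCALL pair from the report above;
# serial 405 is a made-up httpd open() denial used only as a negative case.
SAMPLE_AUDIT = """\
node=home.69isfine.com type=AVC msg=audit(1241062670.394:404): avc:  denied  { read write } for  pid=16951 comm="ip6tables-resto" path="socket:[391123]" dev=sockfs ino=391123 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=unix_stream_socket
node=home.69isfine.com type=SYSCALL msg=audit(1241062670.394:404): arch=40000003 syscall=11 success=yes exit=0 a0=94dfda8 a1=94e0080 a2=94bb370 a3=0 items=0 ppid=16940 pid=16951 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="ip6tables-resto" exe="/sbin/ip6tables-restore" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
node=example type=AVC msg=audit(1241062700.000:405): avc:  denied  { write } for  pid=17001 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
node=example type=SYSCALL msg=audit(1241062700.000:405): arch=40000003 syscall=5 success=no exit=-13 a0=0 a1=0 a2=0 a3=0 items=0 ppid=1 pid=17001 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
"""

HDR_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\):')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')       # key=value tokens
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')  # "{ read write }"

# execve syscall numbers per audit arch (assumption: only these two ABIs).
# The arch field is hex without a 0x prefix.
EXECVE_BY_ARCH = {
    0x40000003: {11},   # AUDIT_ARCH_I386
    0xC000003E: {59},   # AUDIT_ARCH_X86_64
}
# Object classes that can only be reached through an inherited descriptor.
FD_CLASSES = {"unix_stream_socket", "unix_dgram_socket", "tcp_socket",
              "udp_socket", "fifo_file", "fd"}


def parse_record(line: str) -> Optional[dict]:
    """Parse one audit line into a dict of its fields, or None if not audit."""
    m = HDR_RE.search(line)
    if not m:
        return None
    rec = {"type": m.group(1), "time": m.group(2), "serial": int(m.group(3))}
    rec.update({k: v.strip('"') for k, v in KV_RE.findall(line)})
    a = AVC_RE.search(line)
    if a:
        rec["result"] = a.group(1)
        rec["perms"] = set(a.group(2).split())
    return rec


def group_by_serial(text: str) -> Dict[int, List[dict]]:
    """AVC and SYSCALL records of one event share the audit serial number."""
    events = defaultdict(list)
    for line in text.splitlines():
        rec = parse_record(line)
        if rec:
            events[rec["serial"]].append(rec)
    return dict(events)


def classify(records: List[dict]) -> str:
    """'leaked-fd-at-exec' if every denial is read/write on an inherited
    descriptor during a successful execve; 'denied' otherwise."""
    avcs = [r for r in records if r["type"] == "AVC" and r.get("result") == "denied"]
    syscall = next((r for r in records if r["type"] == "SYSCALL"), None)
    if not avcs:
        return "no-avc"
    if syscall is None:
        return "denied"
    arch = int(syscall.get("arch", "0"), 16)
    is_execve = int(syscall.get("syscall", -1)) in EXECVE_BY_ARCH.get(arch, set())
    succeeded = syscall.get("success") == "yes"
    for avc in avcs:
        fd_like = (avc.get("tclass") in FD_CLASSES
                   or avc.get("path", "").startswith("socket:["))
        only_rw = avc["perms"] <= {"read", "write"}
        if not (is_execve and succeeded and fd_like and only_rw):
            return "denied"
    return "leaked-fd-at-exec"


def allow_rule(avc: dict) -> str:
    """The allow rule audit2allow would derive from this AVC (for inspection)."""
    src = avc["scontext"].split(":")[2]
    tgt = avc["tcontext"].split(":")[2]
    return f"allow {src} {tgt}:{avc['tclass']} {{ {' '.join(sorted(avc['perms']))} }};"


def triage(text: str) -> Dict[int, str]:
    """Map each audit serial in the text to its verdict."""
    return {serial: classify(recs) for serial, recs in group_by_serial(text).items()}


if __name__ == "__main__":
    for serial, recs in group_by_serial(SAMPLE_AUDIT).items():
        avc = next(r for r in recs if r["type"] == "AVC")
        print(serial, avc["comm"], classify(recs), "|", allow_rule(avc))
```

Run against `ausearch -m avc -ts recent` output on a live box; the same pairing by serial is what audit2allow does, and the execve check is what separates "SELinux closed a descriptor the shell leaked" from "the confined program actually tried and failed".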