Résumé: SELinux is preventing /usr/bin/python "setattr" access on sysctl.conf. Description détaillée: [system-config-f a un type permissif (firewallgui_t). Cet accès n'a pas été refusé.] SELinux denied access requested by system-config-f. It is not expected that this access is required by system-config-f and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Autoriser l'accès: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Informations complémentaires: Contexte source system_u:system_r:firewallgui_t:s0-s0:c0.c1023 Contexte cible system_u:object_r:etc_t:s0 Objets du contexte sysctl.conf [ file ] source system-config-f Chemin de la source /usr/bin/python Port <Inconnu> Hôte (removed) Paquetages RPM source python-2.6.2-2.fc12 Paquetages RPM cible Politique RPM selinux-policy-3.6.32-84.fc12 Selinux activé True Type de politique targeted Mode strict Enforcing Nom du plugin catchall Nom de l'hôte (removed) Plateforme Linux (removed) 2.6.31.12-174.2.3.fc12.x86_64 #1 SMP Mon Jan 18 19:52:07 UTC 2010 x86_64 x86_64 Compteur d'alertes 1 Première alerte dim. 14 févr. 2010 19:36:49 CET Dernière alerte dim. 14 févr. 2010 19:36:49 CET ID local c13905b6-69c4-4557-946a-65f046c51484 Numéros des lignes Messages d'audit bruts node=(removed) type=AVC msg=audit(1266172609.351:18): avc: denied { setattr } for pid=2032 comm="system-config-f" name="sysctl.conf" dev=sda7 ino=686335 scontext=system_u:system_r:firewallgui_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1266172609.351:18): arch=c000003e syscall=90 success=yes exit=0 a0=9b7a60 a1=180 a2=7fde3f050e40 a3=7fffcb9481e8 items=0 ppid=1 pid=2032 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="system-config-f" exe="/usr/bin/python" subj=system_u:system_r:firewallgui_t:s0-s0:c0.c1023 key=(null) Hash String generated from catchall,system-config-f,firewallgui_t,etc_t,file,setattr audit2allow suggests: #============= firewallgui_t ============== allow firewallgui_t etc_t:file setattr;
Created attachment 394217 [details] firewall configuration screencopy first reboot after adding translation of addresses between eth0 and eth1 cf. Capture-Configuration du pare-feu.png and Bug 565323 - SELinux is preventing /usr/bin/python "write" access on sysctl.conf.
*** This bug has been marked as a duplicate of bug 565323 ***