Description of problem: When I try to configure the firewall with system-config-firewall on the livecd, it fails and I get a traceback as noted in bug #614887. The root cause seems to be that various .old files are mislabeled: # ll -Z /etc/sysconfig/ip* -rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/ip6tables -rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/ip6tables-config -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sysconfig/ip6tables.old -rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/iptables -rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/iptables-config -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sysconfig/iptables.old # ll -Z /etc/sysconfig/system-config-firewall* -rw-------. root root system_u:object_r:system_conf_t:s0 /etc/sysconfig/system-config-firewall -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sysconfig/system-config-firewall.old If I restorecon or rm these .old files before starting system-config-firewall then I can configure the firewall without problem. I notice that fedora-live-base.ks has the line "firewall --enabled --mdns", perhaps this is responsible for leaving the .old files mislabeled? Or perhaps this is a selinux policy oversight? I've tested this on a F15 nightly, but I can also reproduce this bug at least as far back as the F13 release spin iso. Version-Release number of selected component (if applicable): system-config-firewall-1.2.27-1.fc15.noarch selinux-policy-3.9.10-12.fc15.noarch
This could be the cause of the abrt-reported crashes at bug #654053.
Appears to be fixed on the kde-x86_64-20110315.01.iso nightly, most probably as a result of the fix for bug #648591. Bug #614887 (system-config-firewall crash leaves iptables rules in a bad state) remains, however.