Am instalat pe un calculator Fedora Core 8 pentru a-l folosi pe post de router.
Primesc insa eroarea:
SummarySELinux is preventing /sbin/iptables-save (iptables_t) "write" to
/etc/sysconfig/iptables (etc_t).
Detailed DescriptionSELinux is preventing /sbin/iptables-save (iptables_t)
"write" to /etc/sysconfig/iptables (etc_t). The SELinux type etc_t, is a
generic type for all files in the directory and very few processes (SELinux
Domains) are allowed to write to this SELinux type. This type of denial usual
indicates a mislabeled file. By default a file created in a directory has the
gets the context of the parent directory, but SELinux policy has rules about
the creation of directories, that say if a process running in one SELinux
Domain (D1) creates a file in a directory with a particular SELinux File
Context (F1) the file gets a different File Context (F2). The policy usually
allows the SELinux Domain (D1) the ability to write or append on (F2). But if
for some reason a file (/etc/sysconfig/iptables) was created with the wrong
context, this domain will be denied. The usual solution to this problem is to
reset the file context on the target file, restorecon
-v /etc/sysconfig/iptables. If the file context does not change from etc_t,
then this is probably a bug in policy. Please file a bug report against the
selinux-policy package. If it does change, you can try your application again
to see if it works. The file context could have been mislabeled by editing the
file or moving the file from a different directory, if the file keeps getting
mislabeled, check the init scripts to see if they are doing something to
mislabel the file.Allowing AccessYou can attempt to fix file context by
executing restorecon -v /etc/sysconfig/iptablesThe following command will allow
this access:restorecon /etc/sysconfig/iptables
Additional InformationSource
Context: system_u:system_r:iptables_t:s0-s0:c0.c1023Target
Context: system_u:object_r:etc_t:s0Target Objects: /etc/sysconfig/iptables [
file ]Affected RPM Packages: iptables-1.3.8-5.fc8 [application]Policy
RPM: selinux-policy-3.0.8-44.fc8Selinux Enabled: TruePolicy
Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin
Name: plugins.mislabeled_fileHost Name: ciordas0.roPlatform: Linux
ciordas0.ro 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 i686Alert
Count: 13First Seen: Tue 27 Oct 2009 09:30:49 AM EETLast Seen: Tue 27 Oct
2009 12:36:39 PM EETLocal ID: ed71f937-8bc6-43a4-aa7d-e1b4ada396b8Line
Numbers:
Raw Audit Messages :avc: denied { write } for comm=iptables-save dev=dm-0
egid=0 euid=0 exe=/sbin/iptables-save exit=0 fsgid=0 fsuid=0 gid=0 items=0
path=/etc/sysconfig/iptables pid=28524
scontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:iptables_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=system_u:object_r:etc_t:s0 tty=pts1 uid=0
Cum se poate remedia eroarea?
Multumesc!
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
