grep iptables < /var/log/audit/audit.log | audit2allow -M iptables1
semodule -i iptables1.pp
...and then keep an eye on audit.log for any other deny messages, which
you resolve with audit2allow as well
On Tue, 2009-10-27 at 04:57 -0700, Bercovici Manuel wrote:
> Raw Audit Messages :avc: denied { write } for comm=iptables-save
> dev=dm-0 egid=0 euid=0 exe=/sbin/iptables-save exit=0 fsgid=0 fsuid=0
> gid=0 items=0 path=/etc/sysconfig/iptables pid=28524
> scontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 sgid=0
> subj=system_u:system_r:iptables_t:s0-s0:c0.c1023 suid=0 tclass=file
> tcontext=system_u:object_r:etc_t:s0 tty=pts1 uid=0
_______________________________________________
RLUG mailing list
http://lists.lug.ro/mailman/listinfo/rlug
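
Added example, not part of the original message: a small POSIX shell helper that prints the type-enforcement rule the quoted denial maps to, so it can be read before the module built by audit2allow is loaded. The function names and the one-line sample (the quoted denial with some fields trimmed) are constructed here.

```shell
#!/bin/sh
# Preview the allow rule implied by an AVC denial before running
# `semodule -i` on a module generated from it.

# Constructed sample: the denial quoted in the thread, joined onto one line.
SAMPLE_AVC='avc: denied { write } for comm=iptables-save dev=dm-0 exe=/sbin/iptables-save path=/etc/sysconfig/iptables pid=28524 scontext=system_u:system_r:iptables_t:s0-s0:c0.c1023 tclass=file tcontext=system_u:object_r:etc_t:s0'

# field KEY LINE -> value of the first KEY=value token in LINE
field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# setype CONTEXT -> the type, i.e. third part of user:role:type:level
setype() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_to_rule LINE -> "allow <source_t> <target_t>:<class> { perms };"
# Returns 1 if LINE is not an AVC denial or a needed field is missing.
avc_to_rule() {
    line=$1
    case $line in
        *avc:*denied*) ;;
        *) return 1 ;;
    esac
    # Permissions are the words between the braces after "denied".
    perms=$(printf '%s\n' "$line" |
        sed -n 's/.*denied *{ *\([^}]*[^ }]\) *}.*/\1/p')
    src=$(setype "$(field scontext "$line")")
    tgt=$(setype "$(field tcontext "$line")")
    cls=$(field tclass "$line")
    [ -n "$perms" ] && [ -n "$src" ] && [ -n "$tgt" ] && [ -n "$cls" ] ||
        return 1
    printf 'allow %s %s:%s { %s };\n' "$src" "$tgt" "$cls" "$perms"
}

avc_to_rule "$SAMPLE_AVC"
```

The rule is keyed on types, so once loaded it covers every file labeled etc_t, not only /etc/sysconfig/iptables.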