Re: [Shorewall-users] shorewall not auto starting on fedora 14 on vmware

Mon, 09 May 2011 10:47:20 -0700 

On 5/9/11 10:30 AM, Donald McLachlan wrote:
> 
> Hi All,
> 
> Maybe I did not use the correct keywords, but I am unable to find a
> solution for this problem with google , or via the archives.
> 
>     * I've been given a fc14 virtual machine.
>     * Upon reboot, shorewall is not running.
>     * If I do the following, shorewall starts OK.
>           o  log in via the vmware console
>           o su root
>           o /sbin/shorewall start
>     * even though /etc/rc.local is out of favour I tried running
>       "/sbin/shorewall start" in /etc/rc.local, but shorewall is still
>       not starting on reboot.
> 
> /var/log/messages reports:
> 
> May  9 11:04:56 mclachlan1 shorewall[1445]: Compiling...
> May  9 11:04:57 mclachlan1 shorewall[1445]: Processing /etc/shorewall/params 
> ...
> May  9 11:04:57 mclachlan1 shorewall[1445]: Can't exec 
> "/usr/share/shorewall//getparams": Permission denied at /usr/share/sho
> rewall/Shorewall/Config.pm line 2867.
> May  9 11:04:57 mclachlan1 kernel: [   14.943055] type=1400 
> audit(1304953497.367:4): avc:  denied  { execute } for  pid=1461 
> comm="perl" name="getparams" dev=dm-0 ino=395957 
> scontext=system_u:system_r:shorewall_t:s0 tcontext=system_u:object_r:usr_t:s
> 0 tclass=file
> May  9 11:04:57 mclachlan1 shorewall[1445]:    ERROR: Processing of 
> /etc/shorewall/params failed
> 
> 
> I don't see why shorewall fails to start from /etc/rc.local, but starts
> OK from the command line.
> [ whoami from /etc/rc.local reports root. When starting from the command
> line whoami reports root. ]
> 
> Any help would be greatly appreciated.

Hopefully someone who is SELinux-knowledgable will chime in here, but it
looks to me as though running /usr/share/shorewall/getparams is not
allowed in the init startup context.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to