> May 9 11:04:57 mclachlan1 kernel: [ 14.943055] type=1400
> audit(1304953497.367:4): avc: denied { execute } for pid=1461
> comm="perl" name="getparams" dev=dm-0 ino=395957
> scontext=system_u:system_r:shorewall_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=file
>
This is an error with the selinux policy in FC14 (the main reason I am
*NOT* on FC14)! Run "restorecon -vF /usr/share/shorewall/getparams" and
then check the selinux context with "ls -lasZ
/usr/share/shorewall/getparams" - if it is still "usr_t" you could try
and submit a bug with Fedora. As a temporary "solution" you could do
this (as root):
echo 0 > /selinux/enforce (this will briefly set your SELinux policy in
passive mode)
service shorewall start (or "/sbin/shorewall start")
If, after this point, you do not get any errors then the problem is
definitely with Fedora's SELinux policy people. In any event, after you
execute the above restore SELinux back in enforcing mode:
echo 1 > /selinux/enforce
> I don't see why shorewall fails to start from /etc/rc.local, but
> starts OK from the command line.
> [ whoami from /etc/rc.local reports root. When starting from the
> command line whoami reports root. ]
Because you are running the shell as a "privileged" user from SELinux's
point of view. If I were you I would also alert the SELinux mailing list
([email protected]).
> Any help would be greatly appreciated.
No worries!
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
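
The temporary workaround in the reply above depends on remembering to switch SELinux back to enforcing afterwards. The following is an added example, not part of the original post: a small wrapper that runs one command with enforcement off and restores the previous mode however the command exits. The function name `with_permissive` and the `ENFORCE_FILE` variable are hypothetical; the default path is the one used in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumption: ENFORCE_FILE
# defaults to /selinux/enforce as used in the post; it can be pointed at
# another path (e.g. /sys/fs/selinux/enforce on newer systems).

with_permissive() {
    enforce_file=${ENFORCE_FILE:-/selinux/enforce}

    if [ ! -w "$enforce_file" ]; then
        echo "cannot write $enforce_file (not root, or SELinux disabled)" >&2
        return 2
    fi

    # Remember the mode we found, so a host that was already permissive
    # is put back exactly as it was rather than forced to enforcing.
    previous=$(cat "$enforce_file") || return 2

    (
        # The EXIT trap restores the mode when the command finishes or
        # fails; the signal trap turns an interrupt into a normal exit so
        # the EXIT trap still runs.
        trap 'echo "$previous" > "$enforce_file"' EXIT
        trap 'exit 130' INT TERM HUP
        echo 0 > "$enforce_file"
        "$@"
    ) && status=0 || status=$?

    # Confirm the restore took effect before reporting the command's status.
    current=$(cat "$enforce_file")
    if [ "$current" != "$previous" ]; then
        echo "WARNING: $enforce_file is $current, expected $previous" >&2
        return 3
    fi
    return "$status"
}

# Usage (as root):
#   with_permissive service shorewall start
```

Denials are still logged while enforcement is off, so the same `avc: denied` line appearing during the wrapped run is the evidence to attach to a policy bug report.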