I first edited /etc/rc.local and commented out my hack. I then did:

[root@mclachlan1 don]# semanage fcontext -a -t bin_t /usr/share/shorewall/getparams
[root@mclachlan1 don]# restorecon -vF /usr/share/shorewall/getparams
restorecon reset /usr/share/shorewall/getparams context system_u:object_r:usr_t:s0->system_u:object_r:bin_t:s0
[root@mclachlan1 don]# ls -lasZ /usr/share/shorewall/getparams
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/share/shorewall/getparams
[root@mclachlan1 don]# reboot

and the system came up with shorewall running. This is a cleaner solution, especially if it still does not have to be redone after O/S upgrades, etc. Otherwise I prefer the simple rc.local hack. Anyway, now there are 2 documented "fixes".

Thanks again,
Don

On 09/05/2011 2:34 PM, Mr Dash Four wrote:
>
>> [don@mclachlan1 ~]$ cat /etc/rc.local
>> #!/bin/sh
>> #
>> # This script will be executed *after* all the other init scripts.
>> # You can put your own initialization stuff in here if you don't
>> # want to do the full Sys V style init stuff.
>>
>> touch /var/lock/subsys/local
>>
>> # DGM 08/05/2011 - work around Fedora 14 / SELinux bug.
>> echo 0 > /selinux/enforce
>> /sbin/shorewall start
>> echo 1 > /selinux/enforce
>>
>> Thanks again,
>> Don
> Apologies Don, there is a better and more permanent solution to this
> (this is what I have done - and alluded to, though not very clearly -
> in my last post):
>
> execute the following 2 statements as root:
>
> semanage fcontext -a -t bin_t /usr/share/shorewall/getparams
> restorecon -vF /usr/share/shorewall/getparams
>
> After this, the security context on getparams should have been amended
> from "usr_t" to "bit_t". To make sure of that execute "ls -lasZ
> /usr/share/shorewall/getparams" and you should clearly see the
> security context on this file as "bin_t". Once that is so, you don't
> have to do anything else - no need to amend your rc.local.
>
> Apologies for not making this much clearer!
>
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
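
Added example (not part of the original thread or of Shorewall): a check that separates a label that is only set on disk from one that is also the policy default for the path, which is what decides whether restorecon or a full relabel keeps bin_t on getparams. The function names and sample strings are constructed for illustration; live_check assumes stat, matchpathcon and semanage are installed and that it is run as root.

```shell
#!/bin/sh
TARGET=/usr/share/shorewall/getparams   # path from the thread
WANT=bin_t                              # type from the thread

# Print the type (third field) of a context such as system_u:object_r:bin_t:s0.
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Succeed if text in the layout of `semanage fcontext -l -C` holds a local
# rule whose path is exactly $2 and whose context has type $3.
has_local_rule() {
    printf '%s\n' "$1" | awk -v p="$2" -v t="$3" '
        $1 == p { n = split($NF, c, ":"); if (n >= 3 && c[3] == t) found = 1 }
        END { exit found ? 0 : 1 }'
}

# $1 = context on disk, $2 = context the loaded policy assigns to the path.
check_state() {
    disk=$(selinux_type "$1")
    policy=$(selinux_type "$2")
    if [ "$disk" = "$WANT" ] && [ "$policy" = "$WANT" ]; then
        echo persistent          # a relabel will keep the type
    elif [ "$disk" = "$WANT" ]; then
        echo label-only          # set on disk only; a relabel reverts it
    elif [ "$policy" = "$WANT" ]; then
        echo needs-restorecon    # rule exists but the file was not relabelled
    else
        echo unfixed
    fi
}

# Run on the affected host as root; reads the real state.
live_check() {
    check_state "$(stat -c %C "$TARGET")" "$(matchpathcon -n "$TARGET")"
    has_local_rule "$(semanage fcontext -l -C)" "$TARGET" "$WANT" &&
        echo "default comes from a local semanage rule"
}

# Constructed sample of `semanage fcontext -l -C` output, so this runs offline.
SAMPLE_RULES='SELinux fcontext                 type        Context

/usr/share/shorewall/getparams   all files   system_u:object_r:bin_t:s0'

echo "sample state: $(check_state system_u:object_r:bin_t:s0 system_u:object_r:bin_t:s0)"
has_local_rule "$SAMPLE_RULES" "$TARGET" "$WANT" && echo "sample: local rule present"
```

A result of label-only after an upgrade or policy reload means the semanage rule is gone and the two commands from the thread need to be run again.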
