LinuxQuestions.org
01-14-2007, 06:54 PM   #1
erika_Dec2004
Iptables, avc, SElinux


Hi, I am new to the Fedora distribution. I installed a recent version in November (6.0), and I was impressed at the smooth installation process. Recently, I have run into some problems.

Specifically, the DNS addresses for my ISP (TDS DSL) are no longer loaded correctly. And, I get the following error message when I try to bring up iptables:

audit(1168711683.623:8): avc: denied { execute } for pid=3521 comm="iptables-restor" name="modprobe" dev=hdd8 ino=1143635 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file

Can anyone explain what avc is, and how I can manipulate its settings? I understand it has something to do with SE linux. Pointers to the correct documentation would be appreciated.

Thanks!

--Erika

ps - Yes, I booted up another linux in order to connect to the network.
 
01-15-2007, 05:27 AM   #2
unSpawn
Quote:
Can anyone explain what avc is, and how I can manipulate its settings? I understand it has something to do with SE linux. Pointers to the correct documentation would be appreciated.

AVC are the SELinux audit messages. SELinux gets its rules from a compiled policy whose source lives in /etc/selinux where you can edit rules. For FC6 SELinux docs I'd suggest the online docs at the FC site since they should be current. (FC6 also includes the most new and shiny SELinux-managing GUI tools which I haven't seen myself yet). If you want to see a version of that message understandable for humans try running "audit2why < /var/log/audit/auditd.log". Its companion app "audit2allow" allows you to take the AVC messages and make a custom policy which you can load (since I can't see what the file should be chconned to). Your other choices are relabelling (touch /.autorelabel as root, reboot) or running the destructive "fixfiles relabel".