LinuxQuestions.org


erika_Dec2004 01-14-2007 05:54 PM

Iptables, avc, SElinux
 
Hi, I am new to the Fedora distribution. I installed a recent version in November (6.0), and I was impressed at the smooth installation process. Recently, I have run into some problems.

Specifically, the DNS addresses for my ISP (TDS DSL) are no longer loaded correctly. And, I get the following error message when I try to bring up iptables:

audit(1168711683.623:8): avc: denied { execute } for pid=3521 comm="iptables-restor" name="modprobe" dev=hdd8 ino=1143635 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file

Can anyone explain what avc is, and how I can manipulate its settings? I understand it has something to do with SE linux. Pointers to the correct documentation would be appreciated.

Thanks!

--Erika

P.S. - Yes, I booted up another Linux in order to connect to the network.

unSpawn 01-15-2007 04:27 AM

> Can anyone explain what avc is, and how I can manipulate its settings? I understand it has something to do with SE linux. Pointers to the correct documentation would be appreciated.

AVC are the SELinux audit messages. SELinux gets its rules from a compiled policy whose source lives in /etc/selinux where you can edit rules. For FC6 SELinux docs I'd suggest the online docs at the FC site since they should be current. (FC6 also includes the most new and shiny SELinux-managing GUI tools which I haven't seen myself yet). If you want to see a version of that message understandable for humans try running "audit2why < /var/log/audit/auditd.log". Its companion app "audit2allow" allows you to take the AVC messages and make a custom policy which you can load (since I can't see what the file should be chconned to). Your other choices are relabelling (touch /.autorelabel as root, reboot) or running the destructive "fixfiles relabel".
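
To make the fields of the denial quoted in the question readable without the audit tools installed, the following added example (not part of either post, and not code from the SELinux project) parses an AVC line into source domain, target type, object class and permissions. The function names are hypothetical, and the rule it prints only mirrors the `allow` form that audit2allow emits, so that it can be reviewed before any policy is changed.

```python
import re

# The denial quoted in the question, copied verbatim from the post.
SAMPLE = ('audit(1168711683.623:8): avc: denied { execute } for pid=3521 '
          'comm="iptables-restor" name="modprobe" dev=hdd8 ino=1143635 '
          'scontext=system_u:system_r:iptables_t:s0 '
          'tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError(f'malformed security context: {ctx!r}')
    return dict(zip(('user', 'role', 'type', 'level'), parts + [None]))

def parse_avc(line):
    """Return the record as a dict, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return {
        'result': m.group(1),
        'perms': m.group(2).split(),
        'comm': fields.get('comm'),   # the kernel truncates comm to 15 characters
        'pid': fields.get('pid'),
        'name': fields.get('name'),
        'source': parse_context(fields['scontext']),  # domain of the process
        'target': parse_context(fields['tcontext']),  # label on the object
        'tclass': fields['tclass'],
    }

def describe(avc):
    """One-line, human-readable summary of who was refused what."""
    perms = ' '.join(avc['perms'])
    return (f"{avc['comm']} (pid {avc['pid']}) in domain {avc['source']['type']} "
            f"was {avc['result']} '{perms}' on {avc['tclass']} '{avc['name']}' "
            f"labelled {avc['target']['type']}")

def allow_rule(avc):
    """Rule in the allow form audit2allow emits, for review only."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return (f"allow {avc['source']['type']} {avc['target']['type']}:"
            f"{avc['tclass']} {perm_text};")

if __name__ == '__main__':
    print(describe(parse_avc(SAMPLE)))
    print(allow_rule(parse_avc(SAMPLE)))
```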

