| Description | Description of problem:
SELinux is preventing /usr/sbin/xtables-multi from 'read' accesses on the file xtables.lock.
***** Plugin catchall (100. confidence) suggests **************************
If cree que de manera predeterminada, xtables-multi debería permitir acceso read sobre xtables.lock file.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
allow this access for now by executing:
# ausearch -c 'iptables' --raw | audit2allow -M my-iptables
# semodule -i my-iptables.pp
Additional Information:
Source Context system_u:system_r:iptables_t:s0
Target Context system_u:object_r:var_run_t:s0
Target Objects xtables.lock [ file ]
Source iptables
Source Path /usr/sbin/xtables-multi
Port <Unknown>
Host (removed)
Source RPM Packages iptables-1.4.21-18.3.el7_4.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-166.el7_4.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-693.21.1.el7.x86_64 #1 SMP
Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64
Alert Count 39
First Seen 2018-03-13 10:09:26 CST
Last Seen 2018-03-13 10:09:46 CST
Local ID 4d2d8de8-82cb-474c-8338-e480f27d8274
Raw Audit Messages
type=AVC msg=audit(1520957386.521:7671): avc: denied { read } for pid=5888 comm="iptables" name="xtables.lock" dev="tmpfs" ino=32003 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1520957386.521:7671): arch=x86_64 syscall=open success=no exit=EACCES a0=4130fb a1=40 a2=180 a3=7ffe7af069e0 items=0 ppid=1920 pid=5888 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:iptables_t:s0 key=(null)
Hash: iptables,iptables_t,var_run_t,file,read
Version-Release number of selected component:
selinux-policy-3.13.1-166.el7_4.9.noarch
|
|---|
