"service iptables stop" not working -- /proc/net unreadable
Chuck R. Anderson
cra at WPI.EDU
Thu May 5 21:05:01 UTC 2005
I had a problem disabling my iptables firewall today, and noticed that
/proc/net being unreadable was the cause of "service iptables stop"
not working. I have an avc:

audit(1115326402.826:0): avc: denied { search } for pid=5818
exe=/bin/tcsh name=net dev=proc ino=-268435434
scontext=user_u:system_r:unconfined_t
tcontext=system_u:object_r:proc_net_t tclass=dir

What happened to my /proc?

#ls -lZ /proc/net
ls: /proc/net: Permission denied
#ls -lZd /proc/net
ls: /proc/net: Permission denied
#ls -lZ /proc|grep net
?--------- ? ? net
#ls -l /proc|grep net
?--------- ? ? ? ? ? net

This is FC3 with kernel-2.6.11-1.14_FC3 and
selinux-policy-targeted-1.17.30-3.1.