[SELinux] iptables and ip6tables: scontext=unconfined_u:system_r:iptables_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | Fix Released | Medium | Kevin Carter |
Bug Description
Hello there,
We apparently have some issues with master when it comes to iptables and ip6tables:
type=AVC msg=audit(
type=AVC msg=audit(
What I understand here is iptables_t tries to write things in admin_home_t, probably linked to the "async" way rules are being applied.
It might be best to move that "~/.ansible_async/" directory outside of /root/ (like /var/tmp maybe?) and, if needed, allow iptables_t to write in this other location.
Also, it might be "just" cosmetics, since I can see firewall rules in the INPUT tables (both iptables and ip6tables).
Cheers,
C.
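The report's diagnosis rests on reading the two fields of an AVC record: the source domain (`scontext` type, here `iptables_t`) and the target type (`tcontext` type, here `admin_home_t`). The following triage helper is an added example, not code from the bug report or from tripleo; it parses audit records into their fields and flags denials where a given source domain attempts write-like access to `admin_home_t`, which is the pattern the reporter attributes to Ansible's async results directory under `/root`. The sample log lines are constructed (the report's own AVC lines are truncated on the page); only the `scontext` and `tcontext` values are taken from the report, while timestamps, pids, inodes and the permission set are made-up placeholders.

```python
import re
from typing import Dict, List, Optional

# Constructed sample audit records. scontext/tcontext match the bug report;
# everything else (timestamps, serials, pids, inodes, comm, perms) is invented
# for illustration and is not from the report.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1580000000.100:1234): avc:  denied  { write } for  pid=4242 comm="iptables" name=".ansible_async" dev="vda1" ino=262145 scontext=unconfined_u:system_r:iptables_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1580000000.200:1235): avc:  denied  { write } for  pid=4243 comm="ip6tables" name=".ansible_async" dev="vda1" ino=262145 scontext=unconfined_u:system_r:iptables_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1580000000.200:1235): arch=c000003e syscall=2 success=no exit=-13
type=AVC msg=audit(1580000000.300:1236): avc:  denied  { read } for  pid=4300 comm="httpd" name="index.html" dev="vda1" ino=300 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

# Header of an AVC record: timestamp:serial, result, permission set, then key=value pairs.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$'
)
# key=value pairs; values may be quoted strings or bare tokens (contexts contain ':').
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Permissions that mean the source domain is trying to modify the target.
WRITE_LIKE = {"write", "add_name", "remove_name", "create", "unlink", "rename", "setattr"}


def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Parse one AVC record; return None for non-AVC records (SYSCALL, CWD, ...)."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec: Dict[str, object] = {
        "ts": m["ts"],
        "serial": m["serial"],
        "result": m["result"],
        "perms": m["perms"].split(),
    }
    for key, val in KV_RE.findall(m["rest"]):
        rec[key] = val.strip('"')
    # A context is user:role:type:level; the level may itself contain ':' so
    # split at most three times and take the third field as the type.
    for ctx in ("scontext", "tcontext"):
        if ctx in rec:
            parts = str(rec[ctx]).split(":", 3)
            rec[ctx + "_type"] = parts[2] if len(parts) > 2 else ""
    return rec


def find_home_writes(log: str, source_type: str = "iptables_t",
                     target_type: str = "admin_home_t") -> List[Dict[str, object]]:
    """Return denied AVC records where source_type tries to modify target_type."""
    hits = []
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        if (rec.get("scontext_type") == source_type
                and rec.get("tcontext_type") == target_type
                and WRITE_LIKE & set(rec["perms"])):  # type: ignore[arg-type]
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_home_writes(SAMPLE_AUDIT_LOG):
        print(f"{hit['comm']} (pid {hit['pid']}) denied {hit['perms']} on "
              f"{hit.get('name', '?')} [{hit['tclass']}] in {hit['tcontext_type']}")
```

Run against a real `/var/log/audit/audit.log` the same function separates the two firewall records from unrelated denials (the constructed `httpd_t` line above is ignored). Two matches whose `name` is `.ansible_async` point at the cause the reporter describes: the async results directory Ansible keeps under the home of the invoking user, which on the root account sits in `/root` and is therefore labelled `admin_home_t`. Relocating that directory, as the report suggests, rather than widening the `iptables_t` policy keeps the firewall domain from needing any write access to home directories; in Ansible this directory is governed by the `async_dir` setting in the `[defaults]` section of `ansible.cfg` (not something the report itself states).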
Fix proposed to branch: master
Review: https://review.opendev.org/704836