On 30 August 2007, Kenneth Porter shiva@sewingwitch.com wrote:
Message: 75
<snip>
You might also want to direct your question to the SELinux people on their lists:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list http://www.nsa.gov/selinux/info/list.cfm
(I'm curious to know what the solution is, though, so please follow up back here with anything you find!)
Ken: I posted on the fedora-selinux-list Below is the reply from Daniel J. Walsh at Redhat. Lanny
This explanation and description of the problem are fine. We probably need a custom policy for webmin to allow iptables to write to scripts running as webmin, since catching stderr is important. There is no file context that can be set to allow this. As I recall from the original bug report, iptables was also trying to communicate with another open file descriptor. This one I beleive should be closed on exec.