[CentOS] Re: SELinux question - to fix bug in Webmin

Sat Sep 1 15:54:38 UTC 2007
Lanny Marcus <mailing-lists at computer2.com>

On 30 August 2007, Kenneth Porter <shiva at sewingwitch.com> wrote:
> Message: 75
> You might also want to direct your question to the SELinux people on
> their lists:
> <http://www.redhat.com/mailman/listinfo/fedora-selinux-list>
> <http://www.nsa.gov/selinux/info/list.cfm>
> (I'm curious to know what the solution is, though, so please follow up
> back here with anything you find!)

Ken: I posted on the fedora-selinux-list  Below is the reply from Daniel
J. Walsh at Redhat. Lanny

> This explanation and description of the problem are fine.  We probably
> need a custom policy for webmin to allow iptables to write to scripts
> running as webmin, since catching stderr is important.   There is no
> file context that can be set to allow this.  As I recall from the
> original bug report, iptables was also trying to communicate with
> another open file descriptor.  This one I beleive should be closed on
> exec.