On 30 August 2007, Kenneth Porter <shiva at sewingwitch.com> wrote: > Message: 75 <snip> > You might also want to direct your question to the SELinux people on > their lists: > > <http://www.redhat.com/mailman/listinfo/fedora-selinux-list> > <http://www.nsa.gov/selinux/info/list.cfm> > > (I'm curious to know what the solution is, though, so please follow up > back here with anything you find!) Ken: I posted on the fedora-selinux-list Below is the reply from Daniel J. Walsh at Redhat. Lanny > This explanation and description of the problem are fine. We probably > need a custom policy for webmin to allow iptables to write to scripts > running as webmin, since catching stderr is important. There is no > file context that can be set to allow this. As I recall from the > original bug report, iptables was also trying to communicate with > another open file descriptor. This one I beleive should be closed on > exec.