[Bug 802] New: Lack of error feedback on SELinux denial

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Mon Nov 19 05:19:29 CET 2012


           Summary: Lack of error feedback on SELinux denial
           Product: ipset
           Version: unspecified
          Platform: x86_64
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: default
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: bochecha at fedoraproject.org
   Estimated Hours: 0.0

I recently had a bug report submitted for my ipset package in Fedora:

The problem was caused by the SELinux policy being too strict, which was fixed
since then.

However, figuring out the problem was made harder because ipset was not
returning any error message, it just failed silently.

It would be nice if ipset could have let the user know it couldn't execute the
request properly.

For example, other tools will usually output a "permission denied" error
message when being blocked by SELinux.

Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.

More information about the netfilter-buglog mailing list