From 4a14754ba123c2ce58e8fd732dc109b2444028d5 Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 3 Jul 2007 15:28:20 +0000 Subject: [PATCH] Work around SELinux nonsense git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6764 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/changelog.txt | 2 ++ Shorewall-common/releasenotes.txt | 3 +++ Shorewall-perl/Shorewall/Chains.pm | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index a52d83f3b..4f391c105 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -12,6 +12,8 @@ Changes in 4.0.0 RC 1 6) Make ':noah' the default. +7) Work around SELinux nonsense. + Changes in 4.0.0 Beta 6 1) First step to adding compiler debugging facility. diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 6015d4585..1f476c05f 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -34,6 +34,9 @@ Problems corrected in 4.0.0 Beta 7. validated. Previously, very obvious errors would result in run-time errors. +3) "shorewall start" and "shorewall restart" no longer fail on SELinux + due to iptables-restore not being allowed to read from /var. + Other changes in Shorewall 4.0.0 RC 1. 1) The shorewall-perl RPM may no longer be installed under Shorewall diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 31055e5a1..5dc052e9e 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -1957,7 +1957,7 @@ sub create_netfilter_load() { '', 'progress_message2 "Running iptables-restore..."', '', - '$IPTABLES_RESTORE < ${VARDIR}/.iptables-restore-input' + 'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE' ); emitj( 'if [ $? != 0 ]; then',