Solaris Common Messages and Troubleshooting Guide

Failed to Load Security Policy: Invalid argument

Cause

While installing a policy from the GUI (or the command line), the following error message is displayed:


default.W: Security Policy Script generated into default.pf
default:
Compiled OK.

Installing Security Policy default on all.all@lab-netra
Failed to Load Security Policy: Invalid argument  <-------------- !!
Installing Security Policy on localhost(localhost) failed

If you truss the policy load, you receive the following:


truss -o /tmp/truss -f -vall -rall -wall /etc/fw/bin/fw load \
                   /etc/fw/conf/default.W

The following is near the end of the truss:


1226:   open("/dev/fw0", O_RDWR|O_NONBLOCK)             = 7
1226:   ioctl(7, 0xC0C07A18, 0xEFFFBCA0)                Err#22 EINVAL

This problem is caused by someone "plumbing" or configuring a new Ethernet interface after Firewall-1 has already started (that is, plumbing an interface by hand after the system has been booted).

Action

This error can be resolved by setting up the interface so that it is configured automatically at boot time (for example, by creating a /etc/hostname.qe0 file) and then rebooting the system.

The following is another solution:


/etc/fw/bin/fwstop                       # Stop firewall 
modinfo | grep fw                        # Get kernel module ID

85 f5e19000  3cc0c  51   1  fw (fw)  

modunload -i 85                          # Unload kernel module

/etc/fw/bin/fwstart                      # Restart firewall

The policy installs correctly now with the following:


# ./fw load ../conf/default.W
default.W: Security Policy Script generated into default.pf
default:
Compiled OK.
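
The alternative procedure above (fwstop, modunload, fwstart), written as a script. This is an added example, not part of the original guide. It assumes a POSIX shell and awk. The function names, the --run switch and the sample modinfo rows other than the fw row are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). Paths and the module name "fw" are
# the page's; function names and the --run switch are hypothetical.
FWBIN=${FWBIN:-/etc/fw/bin}

# Constructed sample of `modinfo` output; only the "fw" row is from the page.
SAMPLE_MODINFO=' Id Loadaddr   Size Info Rev Module Name
  6 10156000   45cb   1   1  specfs (constructed row)
 84 f5d00000   1a2c   -   1  ipfwd (constructed decoy row)
 85 f5e19000  3cc0c  51   1  fw (fw)'

# Read modinfo output on stdin; print the Id of the module whose name
# column (field 6) is exactly the wanted name. A plain "grep fw" would
# also match rows such as the decoy above. Fails unless exactly one row matches.
fw_module_id() {
    awk -v name="${1:-fw}" '
        $1 ~ /^[0-9]+$/ && $6 == name { id = $1; n++ }
        END { if (n != 1) exit 1; print id }'
}

# Stop the firewall, unload its kernel module, start the firewall again.
reload_fw_module() {
    "$FWBIN/fwstop" || return 1
    fw_id=$(modinfo | fw_module_id fw) || {
        echo "fw module not found or ambiguous; firewall left stopped" >&2
        return 1
    }
    modunload -i "$fw_id" || {
        echo "modunload -i $fw_id failed; firewall left stopped" >&2
        return 1
    }
    "$FWBIN/fwstart"
}

# Touch the system only when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    reload_fw_module
fi
```

Run it as root with --run. If either step after fwstop fails, the script stops without restarting the firewall so the operator can inspect the module state first.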