This is a new bug stemming from BUG #438068, comment 20. The ipset tool in permissive mode works as expected. In restricted mode it cannot connect to the kernel.
Example:
    ipset -L
    > ipset v6.13: Cannot open session to kernel.
Reproducible: Always
Created attachment 329050: emerge --info
Created attachment 329052: /usr/src/linux/.config
Changing the context to match that of iptables seems to fix the problem:
    chcon -t iptables_exec_t /usr/sbin/ipset
The default context, however, has the type set to bin_t.
Fixed in repo (live ebuilds) and will be in rev7.
r7 is now in hardened-dev
In main tree, ~arch'ed
r8 is now stable