On Sat, Jun 25, 2022 at 6:13 PM Samuel Sieb <samuel@xxxxxxxx> wrote:
On 6/25/22 06:59, Richard Shaw wrote:
> Fail2ban works fine in F35 but now has an SELinux problem in F36[1]...
>
> While not a SELinux expert I can often reason things out but the
> "unconfined" stuff confuses me.
>
> type=AVC msg=audit(1655618425.791:3076): avc: denied { connectto } for
> pid=1286608 comm="fail2ban-client" path="/run/fail2ban/fail2ban.sock"
> scontext=system_u:system_r:fail2ban_client_t:s0
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=unix_stream_socket permissive=0
What does "ls -lZ /run/fail2ban/fail2ban.sock" show?
Does "restorecon -v /run/fail2ban/fail2ban.sock" do anything?
This isn't my computer but the one from the BZ so can't say...
It looks like what I need to do is take the audit2allow output from here:
And see how to implement the same thing in the fail2ban SELinux config:
Any help would be appreciated.
Thanks,
Richard
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
