Re: Need SELinux help for fail2ban!

Carlos Rodriguez-Fernandez <carlosrodrifernandez@xxxxxxxxx> · Sun, 5 May 2024 07:40:22 -0700

I don't think the problem is the "fc" file, but the fact that the file 
in /run/fail2ban didn't get relabeled when the users updated, or the 
selinux subpackage didn't get updated at all. That explains why it works 
on a fresh system.

The specificity of "/run/fail2ban(/.*)?" is better and safer, so you 
don't get restorecon to relabel /run/fail2ban-/my-hack.

On 5/5/24 05:35, Richard Shaw wrote:
I'm trying to reproduce the problem on the Fedora rawhide test machine 
but it's running without error!

$ sudo systemctl status fail2ban.service
● fail2ban.service - Fail2Ban Service
      Loaded: loaded (/usr/lib/systemd/system/fail2ban.service; 
disabled; preset: disabled)
     Drop-In: /usr/lib/systemd/system/service.d
              └─10-timeout-abort.conf
      Active: active (running) since Sun 2024-05-05 12:31:24 UTC; 1min 
8s ago
        Docs: man:fail2ban(1)
     Process: 1689891 ExecStartPre=/bin/mkdir -p /run/fail2ban 
(code=exited, status=0/SUCCESS)
    Main PID: 1689893 (fail2ban-server)
       Tasks: 3 (limit: 9118)
      Memory: 11.5M (peak: 11.8M)
         CPU: 114ms
      CGroup: /system.slice/fail2ban.service
              └─1689893 /usr/bin/python3 -sP /usr/bin/fail2ban-server 
-xf start

May 05 12:31:24 rawhide-test.fedorainfracloud.org 
<http://rawhide-test.fedorainfracloud.org> systemd[1]: Starting 
fail2ban.service - Fail2Ban Service...
May 05 12:31:24 rawhide-test.fedorainfracloud.org 
<http://rawhide-test.fedorainfracloud.org> systemd[1]: Started 
fail2ban.service - Fail2Ban Service.
May 05 12:31:25 rawhide-test.fedorainfracloud.org 
<http://rawhide-test.fedorainfracloud.org> fail2ban-server[1689893]: 
Server ready
---

Socket file is written:

$ ll -Z  /run/fail2ban/
total 4
-rw-------. 1 root root system_u:object_r:fail2ban_var_run_t:s0 8 May  5 
12:31 fail2ban.pid
srwx------. 1 root root system_u:object_r:fail2ban_var_run_t:s0 0 May  5 
12:31 fail2ban.sock

I don't want to try random fixes to a problem I can't reproduce...

Richard

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue