On Tue, 2013-07-09 at 21:28 +0800, Ed Greshko wrote:
> On 07/09/13 21:06, Ed Greshko wrote:
>
> Sorry to be responding to myself....but....
>
> It seems this AVC is the relevant one since /run is on tmpfs.
>
> type=AVC msg=audit(1373375040.246:775): avc: denied { write } for pid=3820 comm="fail2ban-client" name="fail2ban" dev="tmpfs" ino=28732 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:fail2ban_var_run_t:s0 tclass=dir
>
> Not being fluent in selinux.... Would this be a bug in the fail2ban policy module.... Or, something else?

yes a bug in the fail2ban policy module

either the fail2ban client checks to see if /run/fail2ban is writable or
it actually wants to create something in there (but there is currently
no trace of the latter)

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
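Added example, not part of the original messages: a small Python parser that splits the AVC record quoted in the thread into source type, target type, object class and permission, and renders that tuple in type-enforcement rule syntax so it is clear which access the policy module does not cover. The function names are made up for this illustration, and the rendered rule only restates the denial; whether the policy should allow or dontaudit it is the policy author's decision.

```python
import re

# The AVC record quoted in the thread above, copied from the message.
AVC_LINE = (
    'type=AVC msg=audit(1373375040.246:775): avc: denied { write } for '
    'pid=3820 comm="fail2ban-client" name="fail2ban" dev="tmpfs" ino=28732 '
    'scontext=system_u:system_r:fail2ban_client_t:s0 '
    'tcontext=system_u:object_r:fail2ban_var_run_t:s0 tclass=dir'
)

_HEAD = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')
_PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split an AVC record into result, permission list and key=value fields."""
    m = _HEAD.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in _PAIR.findall(m.group(3))}
    return {"result": m.group(1), "perms": m.group(2).split(), "fields": fields}


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: %r" % context)
    return parts[2]


def te_tuple(avc):
    """(source type, target type, object class, permissions) for one record."""
    f = avc["fields"]
    return (context_type(f["scontext"]), context_type(f["tcontext"]),
            f["tclass"], tuple(avc["perms"]))


def as_rule(avc):
    """Render the denied access in TE rule syntax (restates the denial only)."""
    src, tgt, cls, perms = te_tuple(avc)
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (src, tgt, cls, perm_text)


if __name__ == "__main__":
    record = parse_avc(AVC_LINE)
    print(record["fields"]["comm"], record["result"], te_tuple(record))
    print(as_rule(record))
```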