On 07/09/13 22:27, Dominick Grift wrote:
> On Tue, 2013-07-09 at 21:28 +0800, Ed Greshko wrote:
>> On 07/09/13 21:06, Ed Greshko wrote:
>>
>>
>> Sorry to be responding to myself....but....
>>
>> It seems this AVC is the relevant one since /run is on tmpfs.
>>> type=AVC msg=audit(1373375040.246:775): avc: denied { write } for pid=3820 comm="fail2ban-client" name="fail2ban" dev="tmpfs" ino=28732 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:fail2ban_var_run_t:s0 tclass=dir
>> Not being fluent in selinux.... Would this be a bug in the fail2ban policy module.... Or, something else?
>>
> yes a bug in the fail2ban policy module
>
> either the fail2ban client checks to see if /run/fail2ban is writable or
> it actually wants to create something in there ( but there is currently
> no trace of the latter)
>
It seems a bugzilla already has been written....but against beta F19.
https://bugzilla.redhat.com/show_bug.cgi?id=975695
It does want to create a run.pid and a socket
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
