Re: Questions about fail2ban policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/17/22 20:45, Orion Poplawski wrote:
I'm getting the following error building fail2ban on EPEL9:

make[1]: Entering directory '/builddir/build/BUILD/fail2ban-0.11.2'
fail2ban.if:13: Error: duplicate definition of fail2ban_domtrans(). Original definition on 13. fail2ban.if:33: Error: duplicate definition of fail2ban_domtrans_client(). Original definition on 33. fail2ban.if:60: Error: duplicate definition of fail2ban_run_client(). Original definition on 60. fail2ban.if:80: Error: duplicate definition of fail2ban_stream_connect(). Original definition on 80. fail2ban.if:99: Error: duplicate definition of fail2ban_rw_inherited_tmp_files(). Original definition on 99. fail2ban.if:118: Error: duplicate definition of fail2ban_rw_stream_sockets(). Original definition on 118. fail2ban.if:137: Error: duplicate definition of fail2ban_dontaudit_use_fds(). Original definition on 137. fail2ban.if:156: Error: duplicate definition of fail2ban_dontaudit_rw_stream_sockets(). Original definition on 156. fail2ban.if:174: Error: duplicate definition of fail2ban_read_lib_files(). Original definition on 174. fail2ban.if:194: Error: duplicate definition of fail2ban_read_log(). Original definition on 194. fail2ban.if:215: Error: duplicate definition of fail2ban_append_log(). Original definition on 215. fail2ban.if:235: Error: duplicate definition of fail2ban_read_pid_files(). Original definition on 235. fail2ban.if:254: Error: duplicate definition of fail2ban_dontaudit_leaks(). Original definition on 254. fail2ban.if:281: Error: duplicate definition of fail2ban_admin(). Original definition on 281.
Compiling targeted fail2ban module


fail2ban.te:102:ERROR 'syntax error' at token 'logging_watch_audit_log_files' on line 6330:
logging_watch_audit_log_files(fail2ban_t)


The .if errors don't seem to actually fail the build, but I'm still curious if it's time to drop the fail2ban policy from selinux-policy itself.

The latter seems to be a problem, but is fine on Fedora (through F37). It also complains about other logging_watch_* macros.

What happened to this in EL9?

So, it looks like the policy in EL9 is old enough to not have these macros. Any suggestions for how to conditionally support this?


--
Orion Poplawski
he/him/his  - surely the least important thing about me
IT Systems Manager                         720-772-5637
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@xxxxxxxx
Boulder, CO 80301                 https://www.nwra.com/

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux