On Sat, Jun 25, 2022 at 6:13 PM Samuel Sieb <sam...@sieb.net> wrote:
> On 6/25/22 06:59, Richard Shaw wrote:
> > Fail2ban works fine in F35 but now has an SELinux problem in F36[1]...
> >
> > While not a SELinux expert I can often reason things out but the
> > "unconfined" stuff confuses me.
> >
> > type=AVC msg=audit(1655618425.791:3076): avc: denied { connectto } for
> > pid=1286608 comm="fail2ban-client" path="/run/fail2ban/fail2ban.sock"
> > scontext=system_u:system_r:fail2ban_client_t:s0
> > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> > tclass=unix_stream_socket permissive=0
>
> What does "ls -lZ /run/fail2ban/fail2ban.sock" show?
>
> Does "restorecon -v /run/fail2ban/fail2ban.sock" do anything?
>
This isn't my computer but the one from the BZ so can't say...
It looks like what I need to do is take the audit2allow output from here:
https://bugzilla.redhat.com/show_bug.cgi?id=2100549#c4
And see how to implement the same thing in the fail2ban SELinux config:
https://src.fedoraproject.org/rpms/fail2ban/blob/rawhide/f/fail2ban.te
Any help would be appreciated.
Thanks,
Richard
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
