stable

fail2ban-0.11.2-6.fc34

FEDORA-2021-0f39cb8d2e created by hobbes1069 3 years ago for Fedora 34

Update selinux policy for f34 and up.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-0f39cb8d2e

This update has been submitted for testing by hobbes1069.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago
User Icon pghmcfc commented & provided feedback 3 years ago

Fixes most of the SELinux issues but as I use some non-default jails, I also get these:

type=AVC msg=audit(1623327223.709:6536): avc:  denied  { watch } for  pid=118968 comm="fail2ban-server" path="/var/log/secure" dev="dm-0" ino=662190 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1623327223.713:6537): avc:  denied  { watch } for  pid=118968 comm="fail2ban-server" path="/var/log/httpd" dev="dm-0" ino=658553 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1623327223.713:6538): avc:  denied  { watch } for  pid=118968 comm="fail2ban-server" path="/var/log/httpd/access_log" dev="dm-0" ino=662142 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:httpd_log_t:s0 tclass=file permissive=0
User Icon goeran commented & provided feedback 3 years ago
karma

Seems to fix #1943696. I see another strange AVC which I need to investigate further.

time->Sat Jun 12 10:18:17 2021
type=AVC msg=audit(1623485897.973:885795): avc:  denied  { execmem } for  pid=850228 comm="grep" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=process permissive=0

That seems unrelated though, so I'm still giving positive karma.

BZ#1943696 SELinux is preventing f2b/f.dropbear from 'watch' accesses on the dossier /var/log/journal/ec1f2eff01f44aa2bebe5f6230eac47b.

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1943696 SELinux is preventing f2b/f.dropbear from 'watch' accesses on the dossier /var/log/journal/ec1f2eff01f44aa2bebe5f6230eac47b.
0
1

Automated Test Results