From 6dbaddcefe8af280f6c8a224143c7a864a1778c0 Mon Sep 17 00:00:00 2001
From: Richard Shaw
Date: Sun, 6 Jun 2021 06:58:43 -0500
Subject: [PATCH] Update selinux policy for Fedora 34+
---
 fail2ban.spec | 5 ++++-
 fail2ban.te | 6 +++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/fail2ban.spec b/fail2ban.spec
index 5a069e4..fa9cfd6 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -1,6 +1,6 @@
 Name: fail2ban
 Version: 0.11.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Daemon to ban hosts that cause multiple authentication errors
 License: GPLv2+
@@ -397,6 +397,9 @@ fi
 %changelog
+* Sun Jun 06 2021 Richard Shaw - 0.11.2-5
+- Update selinux policy for Fedora 34+
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.11.2-4
 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583.
diff --git a/fail2ban.te b/fail2ban.te
index 302f4bc..92615ca 100644
--- a/fail2ban.te
+++ b/fail2ban.te
@@ -45,6 +45,7 @@ allow fail2ban_t self:netlink_netfilter_socket create_socket_perms;
 read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
+allow fail2ban_t fail2ban_log_t:file watch;
 append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
 create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
 setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
@@ -88,7 +89,6 @@ files_read_etc_runtime_files(fail2ban_t)
 files_list_var(fail2ban_t)
 files_dontaudit_list_tmp(fail2ban_t)
-fs_list_inotifyfs(fail2ban_t)
 fs_getattr_all_fs(fail2ban_t)
 auth_use_nsswitch(fail2ban_t)
@@ -100,6 +100,10 @@ logging_read_syslog_pid(fail2ban_t)
 logging_dontaudit_search_audit_logs(fail2ban_t)
 logging_mmap_generic_logs(fail2ban_t)
 logging_mmap_journal(fail2ban_t)
+logging_watch_audit_log_files(fail2ban_t)
+logging_watch_audit_log_dirs(fail2ban_t)
+logging_watch_generic_log_dirs(fail2ban_t)
+logging_watch_journal_dir(fail2ban_t)
 mta_send_mail(fail2ban_t)
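Review bot: The added `allow fail2ban_t fail2ban_log_t:file watch;` in the fail2ban.te hunk at @@ -45 carries no comment saying what needs the permission, and it is the only raw rule among the `*_files_pattern` lines for `fail2ban_log_t`. A short comment such as `# watch permission on fail2ban's own log file (needed on Fedora 34+)` would keep the reason with the rule; the wording should be confirmed against the AVC denial that prompted it. The grant itself is limited to the `file` class of fail2ban's own log type, which is suitably narrow.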
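Review bot: `logging_watch_audit_log_files(fail2ban_t)` and `logging_watch_audit_log_dirs(fail2ban_t)` in the fail2ban.te hunk at @@ -100 grant watch access on audit logs, while the same block keeps `logging_dontaudit_search_audit_logs(fail2ban_t)`, which only silences denials for searching them. Unless a recorded denial shows fail2ban needs to watch audit logs, those two lines widen the domain beyond what the visible policy otherwise allows and could be dropped, keeping `logging_watch_generic_log_dirs` and `logging_watch_journal_dir`. If they are required, a comment naming the jail or backend that depends on them would justify the grant. The commit title says Fedora 34+, so these interfaces may be missing from older policy, and nothing visible in this patch guards the build for earlier releases.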