Update selinux policy for Fedora 34+

fail2ban.spec

@@ -1,6 +1,6 @@
 Name: fail2ban
 Version: 0.11.2
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Daemon to ban hosts that cause multiple authentication errors
 
 License: GPLv2+
@@ -397,6 +397,9 @@ fi
 
 
 %changelog
+* Sun Jun 06 2021 Richard Shaw <hobbes1069@gmail.com> - 0.11.2-5
+- Update selinux policy for Fedora 34+
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.11.2-4
 - Rebuilt for updated systemd-rpm-macros
   See https://pagure.io/fesco/issue/2583.

fail2ban.te

@@ -45,6 +45,7 @@ allow fail2ban_t self:netlink_netfilter_socket create_socket_perms;
 
 read_files_pattern(fail2ban_t, fail2ban_t, fail2ban_t)
 
+allow fail2ban_t fail2ban_log_t:file watch;
 append_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
 create_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
 setattr_files_pattern(fail2ban_t, fail2ban_log_t, fail2ban_log_t)
@@ -88,7 +89,6 @@ files_read_etc_runtime_files(fail2ban_t)
 files_list_var(fail2ban_t)
 files_dontaudit_list_tmp(fail2ban_t)
 
-fs_list_inotifyfs(fail2ban_t)
 fs_getattr_all_fs(fail2ban_t)
 
 auth_use_nsswitch(fail2ban_t)
@@ -100,6 +100,10 @@ logging_read_syslog_pid(fail2ban_t)
 logging_dontaudit_search_audit_logs(fail2ban_t)
 logging_mmap_generic_logs(fail2ban_t)
 logging_mmap_journal(fail2ban_t)
+logging_watch_audit_log_files(fail2ban_t)
+logging_watch_audit_log_dirs(fail2ban_t)
+logging_watch_generic_log_dirs(fail2ban_t)
+logging_watch_journal_dir(fail2ban_t)
 
 mta_send_mail(fail2ban_t)