From f04bf03ceaf7f4a407c189b2732354e729fede52 Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@nwra.com>
Date: Fri, 23 Feb 2024 13:31:03 -0700
Subject: [PATCH] Allow watch on more logfiles

---
 fail2ban.spec | 13 ++++++++++---
 fail2ban.te   |  5 +++++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/fail2ban.spec b/fail2ban.spec
index 0242655..aea220e 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -6,7 +6,7 @@
 
 Name: fail2ban
 Version: 1.0.2
-Release: 11%{?dist}
+Release: 12%{?dist}
 Summary: Daemon to ban hosts that cause multiple authentication errors
 
 License: GPLv2+
@@ -67,7 +67,11 @@ BuildRequires: sqlite
 BuildRequires: systemd
 BuildRequires: selinux-policy-devel
 BuildRequires: make
+%if 0%{?fedora} >= 41
+BuildRequires: bash-completion-devel
+%else
 BuildRequires: bash-completion
+%endif
 BuildRequires: gnupg2
 
 # Default components
@@ -121,7 +125,7 @@ Requires: (%{name}-selinux if selinux-policy-%{selinuxtype})
 Requires: %{name}-selinux
 %endif
 # see note above in BuildRequires section
-%if v"0%{?python3_version}" >= v"3.12"
+%if 0%{?fedora} > 38
 Requires: python3-pyasyncore
 Requires: python3-pyasynchat
 %endif
@@ -241,7 +245,7 @@ by default.
 %autosetup -p1
 # this test uses smtpd which is removed in Python 3.12, rewriting it
 # isn't trivial
-%if v"0%{?python3_version}" >= v"3.12"
+%if 0%{?fedora} > 38
 rm -f fail2ban/tests/action_d/test_smtp.py
 %endif
 
@@ -456,6 +460,9 @@ fi
 
 
 %changelog
+* Thu Feb 22 2024 Orion Poplawski <orion@nwra.com> - 1.0.2-12
+- Allow watch on more logfiles
+
 * Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.2-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
diff --git a/fail2ban.te b/fail2ban.te
index 6d36a70..1c02960 100644
--- a/fail2ban.te
+++ b/fail2ban.te
@@ -100,6 +100,11 @@ logging_dontaudit_search_audit_logs(fail2ban_t)
 logging_mmap_generic_logs(fail2ban_t)
 logging_mmap_journal(fail2ban_t)
 allow fail2ban_t fail2ban_log_t:file watch;
+gen_require(`
+        attribute logfile;
+')
+allow fail2ban_t logfile:dir { watch_dir_perms };
+allow fail2ban_t logfile:file { watch_file_perms };
 # Not in EL9 yet
 #logging_watch_audit_log_files(fail2ban_t)
 gen_require(`