Description of problem: upgraded from f33 to f34 SELinux is preventing f2b/f.sshd from 'watch' accesses on the dossier /run/log/journal/9381394c716368c6c4b4af6d5a20a150. ***** Plugin catchall (100. confidence) suggests ************************** Si vous pensez que f.sshd devrait être autorisé à accéder watch sur 9381394c716368c6c4b4af6d5a20a150 directory par défaut. Then vous devriez rapporter ceci en tant qu'anomalie. Vous pouvez générer un module de stratégie local pour autoriser cet accès. Do autoriser cet accès pour le moment en exécutant : # ausearch -c "f2b/f.sshd" --raw | audit2allow -M my-f2bfsshd # semodule -X 300 -i my-f2bfsshd.pp Additional Information: Source Context system_u:system_r:fail2ban_t:s0 Target Context system_u:object_r:syslogd_var_run_t:s0 Target Objects /run/log/journal/9381394c716368c6c4b4af6d5a20a150 [ dir ] Source f2b/f.sshd Source Path f2b/f.sshd Port <Inconnu> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.3-1.fc34.noarch Local Policy RPM fail2ban-selinux-0.11.2-3.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 5.11.16-300.fc34.x86_64 #1 SMP Wed Apr 21 13:18:33 UTC 2021 x86_64 x86_64 Alert Count 8 First Seen 2021-04-25 13:36:19 CEST Last Seen 2021-04-25 13:50:25 CEST Local ID 4c765ef7-428a-4329-b67e-6b87b8928fc9 Raw Audit Messages type=AVC msg=audit(1619351425.392:240): avc: denied { watch } for pid=1621 comm="f2b/f.dropbear" path="/run/log/journal/9381394c716368c6c4b4af6d5a20a150" dev="tmpfs" ino=67 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=dir permissive=0 Hash: f2b/f.sshd,fail2ban_t,syslogd_var_run_t,dir,watch Version-Release number of selected component: selinux-policy-targeted-34.3-1.fc34.noarch Additional info: component: fail2ban reporter: libreport-2.14.0 hashmarkername: setroubleshoot kernel: 5.11.16-300.fc34.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 1943696 ***