Description of problem: Seems like perhaps SELinux 'policies' could come to the rescue (if devel there would contribute) because best would be - I think - if there were booleans for that. More denials against log files, ningx, apache. ... SELinux is preventing /usr/bin/python3.9 from watch access on the file /var/log/httpd/error_log ... Should be easy to reproduce, with pretty vanilla-default fail2ban setup. -> $ cat my-fail2banserver.te module my-fail2banserver 1.0; require { type fail2ban_t; type httpd_log_t; class dir watch; class file watch; } #============= fail2ban_t ============== allow fail2ban_t httpd_log_t:dir watch; allow fail2ban_t httpd_log_t:file watch; many thanks, L. Version-Release number of selected component (if applicable): fail2ban-firewalld-0.11.2-11.el9.noarch fail2ban-server-0.11.2-11.el9.noarch selinux-policy-34.1.27-1.el9.noarch How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
There is a bug in the current fail2ban-server packaging where it doesn't bring in the fail2ban-selinux package. If you install that, things should be better. I'll try to get an update out soon.
FEDORA-EPEL-2023-07bf30a1f1 has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-07bf30a1f1
FEDORA-EPEL-2023-07bf30a1f1 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-07bf30a1f1 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2023-07bf30a1f1 has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.