Bug 2279136 - fail2ban-selinux 1.0.2-13 prevents server from binding to socket
Status: CLOSED DUPLICATE of bug 2279054
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban
Version: 39
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Richard Shaw
QA Contact: Fedora Extras Quality Assurance
 
Reported: 2024-05-05 08:24 UTC by Chris Palmer
Modified: 2024-05-05 12:00 UTC

Last Closed: 2024-05-05 12:00:48 UTC

Description Chris Palmer 2024-05-05 08:24:02 UTC
Upgrading fail2ban-* from 1.0.2-12 to 1.0.2-13 broke, as the server was no longer permitted to create the socket (in the default location).

May  4 09:38:13 bastion audit[1889]: AVC avc:  denied  { create } for  pid=1889 comm="fail2ban-server" name="fail2ban.sock" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0

2024-05-04 09:38:13,466 fail2ban.server         [1889]: ERROR   Could not start server: Unable to bind socket /var/run/fail2ban/fail2ban.sock

fail2ban-server then died, and was restarted repeatedly by systemd until the retry count was exhausted.

Downgrading fail2ban-selinux to 1.0.2-9 (and leaving the other components at 1.0.2-13) allowed the service to run.

The problem only occurs when SELinux is enforcing, of course.

Reproducible: Always

Steps to Reproduce:
1. Ensure SELinux is enforcing
2. Install fail2ban-* 1.0.2-13
3. Start fail2ban-server
Actual Results:  
fail2ban-server crashed as detailed above.

Expected Results:  
fail2ban-server should have started normally, creating the socket.
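
Added example (not part of the original report and not fail2ban or Fedora code): a small Python parser that splits audit AVC records like the one quoted above into fields and collapses repeats, since a service that systemd keeps restarting logs the same denial once per attempt. The second AVC line, with its pid and timestamp, is constructed for illustration; the function names are hypothetical.

```python
import re
from collections import Counter

# First and third lines are copied from the report; the second is a constructed
# repeat (different pid, later timestamp) standing in for a systemd restart attempt.
LINES = [
    'May  4 09:38:13 bastion audit[1889]: AVC avc:  denied  { create } for  '
    'pid=1889 comm="fail2ban-server" name="fail2ban.sock" '
    'scontext=system_u:system_r:fail2ban_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0',
    'May  4 09:38:14 bastion audit[1901]: AVC avc:  denied  { create } for  '
    'pid=1901 comm="fail2ban-server" name="fail2ban.sock" '
    'scontext=system_u:system_r:fail2ban_t:s0 '
    'tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file permissive=0',
    '2024-05-04 09:38:13,466 fail2ban.server         [1889]: ERROR   '
    'Could not start server: Unable to bind socket /var/run/fail2ban/fail2ban.sock',
]

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    rec['result'] = m.group(1)
    rec['perms'] = m.group(2).split()
    # A context is user:role:type:level; the type is what policy rules match on.
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')
        rec[side + '_type'] = parts[2] if len(parts) >= 3 else None
    # permissive=0 means the denial was enforced, not merely logged.
    rec['enforced'] = rec['result'] == 'denied' and rec.get('permissive') == '0'
    return rec


def group_denials(lines):
    """Count enforced denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        if rec['enforced']:
            counts[(rec.get('comm'), rec['scontext_type'], rec['tcontext_type'],
                    rec.get('tclass'), tuple(rec['perms']))] += 1
    return counts
```

For the sample lines, group_denials(LINES) reports a single distinct denial seen twice: fail2ban_t refused create on a sock_file labelled var_run_t.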

Comment 1 Richard Shaw 2024-05-05 12:00:48 UTC

*** This bug has been marked as a duplicate of bug 2279054 ***

