2369545 – SELinux execmem access denial on startup

Bug 2369545 - SELinux execmem access denial on startup

Summary: SELinux execmem access denial on startup

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	fail2ban
Sub Component:
Version:	epel9
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Orion Poplawski
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-31 10:31 UTC by overact_ninetieth160
Modified:	2025-05-31 10:31 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description overact_ninetieth160 2025-05-31 10:31:25 UTC

Description of problem:

The following SELinux denial is logged several times upon startup of fail2ban:

type=AVC msg=audit(1748686317.733:34516): avc:  denied  { execmem } for  pid=785523 comm="grep" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=process permissive=0


How reproducible:


Steps to Reproduce:
1. systemctl start fail2ban
2. Check audit log


Additional info:

I am not sure what fail2ban does that it wants execmem, so this might be an upstream issue.

Note You need to log in before you can comment on or make changes to this bug.