Bug 437628 - fail2ban wants to look at /etc/mtab
fail2ban wants to look at /etc/mtab
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
8
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-15 09:55 EDT by Göran Uddeborg
Modified: 2008-11-10 08:55 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-11-10 08:55:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Göran Uddeborg 2008-03-15 09:55:22 EDT
When starting fail2ban I get a lot of AVC messages like these:

time->Sat Mar 15 14:35:37 2008
type=SYSCALL msg=audit(1205588137.822:124): arch=c000003e syscall=4 success=no
exit=-13 a0=413940 a1=7fff94597fb0 a2=7fff94597fb0 a3=0 items=0 ppid=1 pid=7688
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="gam_server" exe="/usr/libexec/gam_server"
subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1205588137.822:124): avc:  denied  { getattr } for  pid=7688
comm="gam_server" path="/etc/mtab" dev=dm-0 ino=4312329
scontext=unconfined_u:system_r:fail2ban_t:s0
tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file

time->Sat Mar 15 14:35:37 2008
type=SYSCALL msg=audit(1205588137.822:125): arch=c000003e syscall=2 success=no
exit=-13 a0=413940 a1=0 a2=0 a3=0 items=0 ppid=1 pid=7688 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="gam_server"
exe="/usr/libexec/gam_server" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)
type=AVC msg=audit(1205588137.822:125): avc:  denied  { read } for  pid=7688
comm="gam_server" name="mtab" dev=dm-0 ino=4312329
scontext=unconfined_u:system_r:fail2ban_t:s0
tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file


Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-93.fc8
selinux-policy-targeted-3.0.8-93.fc8
fail2ban-0.8.1-11.fc8

(The policy is from updates-testing.)
Comment 1 Daniel Walsh 2008-03-17 09:28:26 EDT
You can allow this for now by executing 

# audit2allow -M mypol -i /var/log/audit/audit.log 
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-94.fc8

Note You need to log in before you can comment on or make changes to this bug.