Bug 447502 - Fail2Ban is not allowed to access/execute /sbin/iptables
Keywords:
Status: CLOSED DUPLICATE of bug 230191
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban
Version: 9
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-05-20 07:50 UTC by Matthias Runge
Modified: 2008-05-20 15:37 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-05-20 15:37:22 UTC
Type: ---
Embargoed:



Description Matthias Runge 2008-05-20 07:50:33 UTC
Description of problem:
host=... type=AVC msg=audit(1211267702.880:813): avc: denied { read write } for
pid=25093 comm="iptables" path="socket:[8808]" dev=sockfs ino=8808
scontext=system_u:system_r:iptables_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket host=...
type=SYSCALL msg=audit(1211267702.880:813): arch=40000003 syscall=11 success=yes
exit=0 a0=8eeb1d8 a1=8eea440 a2=8eea480 a3=0 items=0 ppid=25092 pid=25093
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables"
subj=system_u:system_r:iptables_t:s0 key=(null) 

Version-Release number of selected component (if applicable):
fail2ban-0.8.2-13.fc9.noarch

How reproducible:
every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:
SELinux policy forbids (would forbid)

Expected results:
allow access to iptables

Additional info:

Comment 1 Axel Thimm 2008-05-20 15:37:22 UTC

*** This bug has been marked as a duplicate of 230191 ***

