Summary:

SELinux is preventing iptables (iptables_t) "read write" fail2ban_t.

Detailed Description:

SELinux denied access requested by iptables. It is not expected that this access is required by iptables and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:iptables_t
Target Context                system_u:system_r:fail2ban_t
Target Objects                socket [ unix_stream_socket ]
Source                        iptables
Source Path                   /sbin/iptables
Port                          <Unknown>
Host                          ignacio.ignacio.lan
Source RPM Packages           iptables-1.4.1.1-2.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-124.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     ignacio.ignacio.lan
Platform                      Linux ignacio.ignacio.lan 2.6.27.19-78.2.30.fc9.i686 #1 SMP Tue Feb 24 20:09:23 EST 2009 i686 athlon
Alert Count                   84
First Seen                    Fri 06 Mar 2009 10:30:20 PM EST
Last Seen                     Fri 20 Mar 2009 09:22:07 PM EDT
Local ID                      81a55c87-82a7-4511-93b3-4c5eb0d4fcf6
Line Numbers

Raw Audit Messages

node=ignacio.ignacio.lan type=AVC msg=audit(1237598527.54:3206): avc: denied { read write } for pid=1310 comm="iptables" path="socket:[12191]" dev=sockfs ino=12191 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=ignacio.ignacio.lan type=AVC msg=audit(1237598527.54:3206): avc: denied { read write } for pid=1310 comm="iptables" path="socket:[12248]" dev=sockfs ino=12248 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=ignacio.ignacio.lan type=SYSCALL msg=audit(1237598527.54:3206): arch=40000003 syscall=11 success=yes exit=0 a0=94c47b8 a1=94c4ab8 a2=94c3b10 a3=0 items=0 ppid=2779 pid=1310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)
fail2ban is leaking file descriptors. Has been fixed in F10 and Rawhide I believe, I guess fix needs to be backported.
(In reply to comment #1)
> fail2ban is leaking file descriptors. Has been fixed in F10 and Rawhide I
> believe, I guess fix needs to be backported.

F9 and F10/rawhide are in sync - last common build was 6 weeks ago. The leaking descriptor bug was supposedly fixed a year ago:

* Thu Mar 27 2008 Axel Thimm <Axel.Thimm> - 0.8.2-14
- Close on exec fixes by Jonathan Underwood.

So this looks like something new/different.
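The close-on-exec mechanism the comment above refers to, as an added example that is not part of this bug report or of fail2ban's own code: a Python script (fail2ban is written in Python) opens a Unix stream socket pair, spawns a child process standing in for /sbin/iptables, and checks whether the socket survived exec. Without FD_CLOEXEC the child inherits the socket, which is exactly the fail2ban_t unix_stream_socket that iptables_t is then denied "read write" on in the AVC messages; the function and helper names are assumptions of this example.

```python
import fcntl
import os
import socket
import subprocess
import sys


def set_cloexec(fd: int) -> None:
    """The classic fix: mark fd close-on-exec so execve() drops it."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)


def child_can_see_fd(leak: bool) -> bool:
    """Return True if a child process can still use our socket after exec.

    leak=True  -> socket left inheritable (the fail2ban bug described above)
    leak=False -> FD_CLOEXEC set before spawning (the backported fix)
    """
    # A unix_stream_socket, the same object class named in the AVC denial.
    parent_end, peer_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    fd = parent_end.fileno()
    if leak:
        os.set_inheritable(fd, True)   # clears FD_CLOEXEC
    else:
        set_cloexec(fd)

    # The child stands in for /sbin/iptables: it only reports whether fd N
    # is still an open descriptor in its process after exec.
    probe = (
        "import os, sys\n"
        f"try:\n    os.fstat({fd})\n    sys.exit(0)\n"
        "except OSError:\n    sys.exit(1)\n"
    )
    # close_fds=False mirrors a daemon that does not scrub descriptors itself;
    # only the FD_CLOEXEC flag decides what the child keeps.
    rc = subprocess.run([sys.executable, "-c", probe], close_fds=False).returncode

    parent_end.close()
    peer_end.close()
    return rc == 0


if __name__ == "__main__":
    print("inheritable socket leaks into child:", child_can_see_fd(leak=True))
    print("FD_CLOEXEC socket leaks into child: ", child_can_see_fd(leak=False))
```

On a system with SELinux enforcing, the leaked case is what produces the iptables_t -> fail2ban_t unix_stream_socket denial; setting close-on-exec on the daemon's sockets before spawning iptables removes the access request rather than needing a local policy module to allow it.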
There have to be other problems; I'm getting the same SELinux error message. My bug # 499674.
This is basically a design problem with fail2ban. Gamin isn't actually meant to be used in this way. I reported this upstream some time ago: http://sourceforge.net/tracker/?func=detail&aid=1971871&group_id=121032&atid=689044
*** This bug has been marked as a duplicate of bug 483510 ***