Bug 526485 - fail2ban fails to start
Summary: fail2ban fails to start
Status: CLOSED DUPLICATE of bug 522767
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban
Version: 11
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2009-09-30 15:10 UTC by Harish Pillay
Modified: 2009-10-24 05:58 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-10-24 05:58:19 UTC
Type: ---

Attachments (Terms of Use)

Description Harish Pillay 2009-09-30 15:10:19 UTC
SELinux is preventing fail2ban-server (fail2ban_t) "create" fail2ban_t.

Detailed Description

SELinux denied access requested by fail2ban-server. It is not expected that this access is required by fail2ban-server and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing AccessYou can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. 

Additional Information
Source Context:  unconfined_u:system_r:fail2ban_t:s0
Target Context:  unconfined_u:system_r:fail2ban_t:s0
Target Objects:  None [ unix_dgram_socket ]Source:  fail2ban-server
Source Path:  /usr/bin/pythonPort:  <Unknown>
Host:  qbic.temasek.netSource RPM 
Packages:  python-2.6-9.fc11
Target RPM Packages:  Policy 
RPM:  selinux-policy-3.6.12-83.fc11
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  catchall
Host Name:  qbic.temasek.netP
latform:  Linux qbic.temasek.net #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686 i686A
lert Count:  1
First Seen:  Wed 30 Sep 2009 10:50:35 PM SGT
Last Seen:  Wed 30 Sep 2009 10:50:35 PM SGT
Local ID:  76d0945f-27f0-4cc9-a1cc-d2a4cf393874
Line Numbers:

Raw Audit Messages :
node=qbic.temasek.net type=AVC msg=audit(1254322235.476:208): avc: denied { create } for pid=11503 comm="fail2ban-server" scontext=unconfined_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_dgram_socket 

node=qbic.temasek.net type=SYSCALL msg=audit(1254322235.476:208): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bfd4c840 a2=e8c10c a3=9163050 items=0 ppid=1 pid=11503 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=21 comm="fail2ban-server" exe="/usr/bin/python" subj=unconfined_u:system_r:fail2ban_t:s0 key=(null)

Comment 1 Duncan Innes 2009-09-30 18:24:28 UTC
Can back this up - finding the same issue and I don't have the knowledge to create a policy myself.

Comment 2 Axel Thimm 2009-10-24 05:58:19 UTC

*** This bug has been marked as a duplicate of bug 522767 ***

Note You need to log in before you can comment on or make changes to this bug.