Bug 690772 - SELinux is preventing iptables (iptables_t) "read write" fail2ban_t.
Summary: SELinux is preventing iptables (iptables_t) "read write" fail2ban_t.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: fail2ban
Version: 10
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-03-25 11:08 UTC by dfeng
Modified: 2011-03-25 12:21 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-03-25 12:21:36 UTC
Type: ---



Description dfeng 2011-03-25 11:08:45 UTC
Description of problem:
SELinux denied access requested by iptables. It is not expected that this access
is required by iptables and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-74.fc10

Installed Packages
Name       : fail2ban
Arch       : noarch
Version    : 0.8.4
Release    : 23.fc10


How reproducible:


Steps to Reproduce:
1. Install fail2ban
2. Configure fail2ban
3. service fail2ban start

Actual results:

node=sip1.call711.com type=AVC msg=audit(1301049261.254:4899): avc:  denied  { read write } for  pid=388 comm="iptables" path="socket:[843609]" dev=sockfs ino=843609 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=sip1.call711.com type=AVC msg=audit(1301049261.254:4899): avc:  denied  { read write } for  pid=388 comm="iptables" path="socket:[845646]" dev=sockfs ino=845646 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=sip1.call711.com type=AVC msg=audit(1301049261.254:4899): avc:  denied  { read write } for  pid=388 comm="iptables" path="socket:[843627]" dev=sockfs ino=843627 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket

node=sip1.call711.com type=SYSCALL msg=audit(1301049261.254:4899): arch=c000003e syscall=59 success=yes exit=0 a0=1376c60 a1=1375490 a2=1376af0 a3=316576da70 items=0 ppid=32762 pid=388 auid=504 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=476 comm="iptables" exe="/sbin/iptables" subj=unconfined_u:system_r:iptables_t:s0 key=(null)

Expected results:
allowed access

Additional info:
The error could be resolved by building a new module from the log with semodule.
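The workaround the reporter describes is the usual audit2allow workflow: feed the AVC records to `audit2allow -M <name>` and load the resulting `.pp` with `semodule -i`. The following added example (not code from the report, fail2ban or the Fedora policy) shows what that step actually derives from the three denials above, so a defender can review the rule before loading it rather than trusting the generated module blindly. It parses the quoted audit records (embedded here as constructed sample input, with the SYSCALL record included so the parser must skip it), collapses the repeated denials into one `(source type, target type, class) -> permissions` rule, emits the equivalent minimal policy-module source, and flags the specific pattern seen in this report: `iptables_t` denied `read write` on a `unix_stream_socket` owned by `fail2ban_t`, which is fail2ban's own iptables child rather than a sign of intrusion. The module name `fail2ban_iptables_local` and the helper names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample input: the AVC records quoted in this report plus the SYSCALL
# record, which carries no "avc: denied" marker and must be ignored by the parser.
SAMPLE_AUDIT_LOG = """\
node=sip1.call711.com type=AVC msg=audit(1301049261.254:4899): avc:  denied  { read write } for  pid=388 comm="iptables" path="socket:[843609]" dev=sockfs ino=843609 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=sip1.call711.com type=AVC msg=audit(1301049261.254:4899): avc:  denied  { read write } for  pid=388 comm="iptables" path="socket:[845646]" dev=sockfs ino=845646 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=sip1.call711.com type=AVC msg=audit(1301049261.254:4899): avc:  denied  { read write } for  pid=388 comm="iptables" path="socket:[843627]" dev=sockfs ino=843627 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=sip1.call711.com type=SYSCALL msg=audit(1301049261.254:4899): arch=c000003e syscall=59 success=yes exit=0 ppid=32762 pid=388 comm="iptables" exe="/sbin/iptables" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
"""

# Fields of an AVC denial record in the order they appear on the line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\b"
    r".*?\bcomm=\"(?P<comm>[^\"]*)\""
    r".*?\bscontext=(?P<scontext>\S+)"
    r"\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type:level context string."""
    return context.split(":")[2]


def parse_denials(audit_text):
    """Extract one dict per AVC denial; non-AVC records (SYSCALL, CWD, PATH) are skipped."""
    denials = []
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        denials.append({
            "comm": m.group("comm"),
            "stype": selinux_type(m.group("scontext")),
            "ttype": selinux_type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            "perms": frozenset(m.group("perms").split()),
        })
    return denials


def aggregate_rules(denials):
    """Merge denials into {(source_type, target_type, class): set(permissions)}."""
    rules = defaultdict(set)
    for d in denials:
        rules[(d["stype"], d["ttype"], d["tclass"])].update(d["perms"])
    return dict(rules)


def to_policy_module(module_name, rules):
    """Render the minimal module source equivalent to what audit2allow -M would write."""
    types = sorted({s for (s, _t, _c) in rules} | {t for (_s, t, _c) in rules})
    classes = defaultdict(set)
    for (_s, _t, c), perms in rules.items():
        classes[c].update(perms)
    lines = [f"module {module_name} 1.0;", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    lines += ["}", ""]
    for (s, t, c), perms in sorted(rules.items()):
        lines.append(f"allow {s} {t}:{c} {{ {' '.join(sorted(perms))} }};")
    return "\n".join(lines) + "\n"


def is_fail2ban_iptables_denial(denial):
    """True for the pair quoted in this report: iptables run by fail2ban denied
    read/write on fail2ban's unix stream socket. Treat it as expected service
    behaviour when reviewing the generated rule, not as an intrusion indicator."""
    return (denial["stype"] == "iptables_t"
            and denial["ttype"] == "fail2ban_t"
            and denial["tclass"] == "unix_stream_socket"
            and denial["perms"] <= {"read", "write"})


if __name__ == "__main__":
    found = parse_denials(SAMPLE_AUDIT_LOG)
    matched = sum(is_fail2ban_iptables_denial(d) for d in found)
    print(f"{len(found)} denials parsed, {matched} match the fail2ban/iptables pattern")
    # The rendered text is what you would inspect before running
    # `audit2allow -M fail2ban_iptables_local < audit.log` and `semodule -i fail2ban_iptables_local.pp`.
    print(to_policy_module("fail2ban_iptables_local", aggregate_rules(found)))
```

Reviewing the rendered rule is the point: the three records reduce to a single `allow iptables_t fail2ban_t:unix_stream_socket { read write };`, scoped to the two types involved, so loading it does not widen iptables' access to anything but fail2ban's sockets. A denial that does not match `is_fail2ban_iptables_denial` (a different source type, or extra permissions such as `connectto`) should be investigated instead of being folded into the same local module.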

Comment 1 Jonathan Underwood 2011-03-25 12:21:36 UTC
Fedora 10 is no longer a supported release - your best option is to update to a supported release (F14 preferably).

