Description of problem:
SELinux is preventing /usr/sbin/vsftpd from search access on the directory /var/lib/fail2ban.

I think it wants to read /var/lib/fail2ban because I have configured fail2ban to use the tcpwrapper for vsftpd and to write banned IPs to /var/lib/fail2ban/hosts.vsftpd.deny (this is recommended by fail2ban instead of writing directly to /etc/hosts.deny).

sealert -l 6de39053-5f9a-4fdd-8a32-ebc7e19413db

SELinux is preventing /usr/sbin/vsftpd from search access on the directory /var/lib/fail2ban.

***** Plugin catchall_boolean (89.3 confidence) suggests *******************

If you want to allow ftp servers to login to local users and read/write all files on the system, governed by DAC.
Then you must tell SELinux about this by enabling the 'allow_ftpd_full_access' boolean.
Do
setsebool -P allow_ftpd_full_access 1

***** Plugin catchall (11.6 confidence) suggests ***************************

If you believe that vsftpd should be allowed search access on the fail2ban directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep vsftpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.9.7-46.fc14.noarch

How reproducible:
All the time

Steps to Reproduce:
1. Configure the vsftpd jail in fail2ban to ban IPs to /var/lib/fail2ban/hosts.vsftpd.deny
2. Add a line to /etc/hosts.deny to read /var/lib/fail2ban/hosts.vsftpd.deny
3. Restart the services, try to break in via ftp, and observe the messages log.

Actual results:
vsftpd is not allowed to read /var/lib/fail2ban

Expected results:
No such error

Additional info:
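The sealert output above offers two fixes with very different blast radius: the allow_ftpd_full_access boolean lets vsftpd read and write every file on the system subject only to DAC, while a local module generated from the actual denial grants exactly the one access that was refused (here: ftpd_t searching a fail2ban_var_lib_t directory). Before choosing, it helps to read the raw AVC record rather than sealert's summary. The script below is an added example, not part of the bug report or of the fail2ban or selinux-policy projects; it parses a constructed AVC line of the kind `ausearch -m avc -c vsftpd` returns and prints the minimal allow rule that audit2allow would produce for it. The type names ftpd_t and fail2ban_var_lib_t, the pid/inode values and the timestamp in the sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample AVC record (not taken from the original report).
# Shape matches what the audit daemon writes to /var/log/audit/audit.log.
SAMPLE_AVC='type=AVC msg=audit(1300000000.123:456): avc:  denied  { search } for  pid=1234 comm="vsftpd" name="fail2ban" dev=dm-0 ino=131073 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fail2ban_var_lib_t:s0 tclass=dir'

# avc_summary LINE
# Prints "<source type> <target type> <object class> <denied perms>",
# i.e. the four pieces a policy rule needs. The type is the third
# colon-separated field of an SELinux context (user:role:type:level).
avc_summary() {
    printf '%s\n' "$1" | awk '
        {
            perm = ""; s = ""; t = ""; c = ""
            # permissions appear as "{ perm1 perm2 ... }" after "denied"
            if (match($0, /[{] [^}]* [}]/)) {
                perm = substr($0, RSTART + 2, RLENGTH - 4)
            }
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "scontext")      { split(kv[2], p, ":"); s = p[3] }
                else if (kv[1] == "tcontext") { split(kv[2], p, ":"); t = p[3] }
                else if (kv[1] == "tclass")   { c = kv[2] }
            }
            print s, t, c, perm
        }'
}

# avc_to_allow LINE
# Turns one AVC record into the narrowest TE allow rule that would
# satisfy it, which is what audit2allow emits for the same input.
avc_to_allow() {
    # shellcheck disable=SC2046  # word splitting of the summary is intended
    set -- $(avc_summary "$1")
    src=$1; tgt=$2; cls=$3
    shift 3
    printf 'allow %s %s:%s { %s };\n' "$src" "$tgt" "$cls" "$*"
}

# Stand-alone usage: show the rule for the constructed denial.
avc_to_allow "$SAMPLE_AVC"
```

On a real host the input comes from `ausearch -m avc -c vsftpd` (or the `grep vsftpd /var/log/audit/audit.log` the sealert text suggests), and the resulting rule is what `audit2allow -M mypol` packages into mypol.pp. Reviewing the rule first is the point: a single `allow ftpd_t fail2ban_var_lib_t:dir { search };` is far narrower than flipping allow_ftpd_full_access, and if the denial is a genuine policy gap, as this report turned out to be, the rule is also what to quote when filing the bug.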
This looks like it is fixed in F15 and beyond.
I am on FC16 now and testing this. I will let you know the outcome.
Hi Daniel,

It indeed seems to be solved now, thank you.

Regards,
Eddie.