Created attachment 766751 [details] SELinux module policy file fail2ban-firewall-cmd.te Description of problem: SELinux does not allow fail2ban to use "firewall-cmd" in an fail2ban action script. I provide in the attachment a SELinux module policy that allows that. It would be nice if this would be added to the targeted policy. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.12.1-54.fc19.noarch How reproducible: Always For an example and use case of "firewall-cmd" in fail2ban see bug #979622 .
commit f1b66fd1c531db657efef84a6f1527d11615e956 adds these rules to git.
selinux-policy-3.12.1-59.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-59.fc19
Package selinux-policy-3.12.1-59.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-59.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-12373/selinux-policy-3.12.1-59.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-59.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.