View Issue Details

IDProjectCategoryView StatusLast Update
0015944CentOS-7selinux-policypublic2019-03-22 19:39
ReporterNigel Aves 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015944: SELinux is preventing fail2ban-client from 'read' accesses on the directory /var/log/virtualmin.
DescriptionDescription of problem:
New installed system. Using Virtualmin for setup of server.
SELinux is preventing fail2ban-client from 'read' accesses on the directory /var/log/virtualmin.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that fail2ban-client should be allowed read access on the virtualmin directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'fail2ban-client' --raw | audit2allow -M my-fail2banclient
# semodule -i my-fail2banclient.pp

Additional Information:
Source Context system_u:system_r:fail2ban_client_t:s0
Target Context system_u:object_r:var_log_t:s0
Target Objects /var/log/virtualmin [ dir ]
Source fail2ban-client
Source Path fail2ban-client
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 5.0.3-1.el7.elrepo.x86_64 #1 SMP
                              Tue Mar 19 09:51:25 EDT 2019 x86_64 x86_64
Alert Count 2
First Seen 2019-03-22 13:22:19 MDT
Last Seen 2019-03-22 13:22:19 MDT
Local ID 4c368a9f-7c3e-4536-bce7-9701a0f4c179

Raw Audit Messages
type=AVC msg=audit(1553282539.143:725): avc: denied { read } for pid=15556 comm="fail2ban-client" name="virtualmin" dev="dm-2" ino=33556156 scontext=system_u:system_r:fail2ban_client_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1


Hash: fail2ban-client,fail2ban_client_t,var_log_t,dir,read

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.9.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 5.0.3-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash353df782a750eca0ab3e109eda9baef833b88e265c718ae3639cf21eb75d7dde
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-03-22 19:39 Nigel Aves New Issue