From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 19 Oct 2012 21:33:22 +0200
Subject: [refpolicy] [PATCH 2/7] Fix startup issue with fail2ban-client
In-Reply-To: <1350672840-14590-3-git-send-email-sven.vermeulen@siphos.be>
References: <1350672840-14590-1-git-send-email-sven.vermeulen@siphos.be> <1350672840-14590-3-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1350675202.12496.29.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2012-10-19 at 20:53 +0200, Sven Vermeulen wrote:
> The fail2ban-client application fails to start if it isn't allowed to create,
> connect, read and write to its own unix_stream_socket.
>
> Signed-off-by: Sven Vermeulen
> --- > fail2ban.te | 2 ++ > 1 files changed, 2 insertions(+), 0 deletions(-) > > diff --git a/fail2ban.te b/fail2ban.te > index bd529c0..ed39236 100644 > --- a/fail2ban.te > +++ b/fail2ban.te > @@ -124,6 +124,8 @@ optional_policy(` > # Client Local policy > # > > +allow fail2ban_client_t self:unix_stream_socket { create connect write read }; > + > domtrans_pattern(fail2ban_client_t, fail2ban_exec_t, fail2ban_t) > > stream_connect_pattern(fail2ban_client_t, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)

This was merged, thanks
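
Review bot: The allow rule added under "# Client Local policy" lists four permissions by hand, while the commit message says only that fail2ban-client fails to start without them. Quoting the AVC denials that motivated the rule in the commit message would let a reader confirm that each of create, connect, write and read on self:unix_stream_socket is actually exercised and that no further permission is needed. If the set was chosen deliberately to stay narrower than a full stream-socket permission set, a one-line comment above the rule saying so would keep a later cleanup from widening it.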