fail2ban: allow reading vm overcommit sysctl

Signed-off-by: Kenton Groombridge <me@concord.sh>
2021-03-11 21:13:55 -05:00 · 2021-03-11 21:13:55 -05:00 · 45dd9358e5
commit 45dd9358e5
parent 372f9cc658
1 changed files with 1 additions and 0 deletions
--- a/policy/modules/services/fail2ban.te
+++ b/policy/modules/services/fail2ban.te
@ -63,6 +63,7 @@ manage_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t)
 files_runtime_filetrans(fail2ban_t, fail2ban_runtime_t, file)

 kernel_read_system_state(fail2ban_t)
+kernel_read_vm_overcommit_sysctl(fail2ban_t)
 kernel_search_fs_sysctls(fail2ban_t)

 corecmd_exec_bin(fail2ban_t)