fail2ban: allow reading net sysctls

type=AVC msg=audit(1696613589.191:194926): avc:  denied  { search } for  pid=1724 comm="f2b/f.dovecot" name="net" dev="proc" ino=2813 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0

Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Kenton Groombridge 2024-05-06 15:58:20 -04:00 committed by 0xC0ncord
parent ddc6ac493c
commit cd781e783e
1 changed files with 1 additions and 0 deletions


@ -62,6 +62,7 @@ manage_sock_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t)
manage_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t) manage_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t)
files_runtime_filetrans(fail2ban_t, fail2ban_runtime_t, file) files_runtime_filetrans(fail2ban_t, fail2ban_runtime_t, file)
kernel_read_net_sysctls(fail2ban_t)
kernel_read_system_state(fail2ban_t) kernel_read_system_state(fail2ban_t)
kernel_read_vm_overcommit_sysctl(fail2ban_t) kernel_read_vm_overcommit_sysctl(fail2ban_t)
kernel_search_fs_sysctls(fail2ban_t) kernel_search_fs_sysctls(fail2ban_t)
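Review bot: The added `kernel_read_net_sysctls(fail2ban_t)` grants more than the quoted AVC demonstrates. The denial is only `search` on the `sysctl_net_t` directory, and because it was logged with permissive=0, whatever fail2ban attempts after that traversal never reached the audit log. If the daemon does read a value under /proc/sys/net, the follow-up read denial belongs in the commit message so the grant stays traceable. If it only traverses the directory, `kernel_search_network_sysctl(fail2ban_t)` would be the narrower interface. As far as the interface name indicates the access is read-only, so the remaining exposure is disclosure of network tunables to fail2ban_t rather than any ability to change them.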