fail2ban: allow reading net sysctls
type=AVC msg=audit(1696613589.191:194926): avc: denied { search } for pid=1724 comm="f2b/f.dovecot" name="net" dev="proc" ino=2813 scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0 Signed-off-by: Kenton Groombridge <concord@gentoo.org>
parent
ddc6ac493c
commit
cd781e783e
|
@ -62,6 +62,7 @@ manage_sock_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t)
|
||||||
manage_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t)
|
manage_files_pattern(fail2ban_t, fail2ban_runtime_t, fail2ban_runtime_t)
|
||||||
files_runtime_filetrans(fail2ban_t, fail2ban_runtime_t, file)
|
files_runtime_filetrans(fail2ban_t, fail2ban_runtime_t, file)
|
||||||
|
|
||||||
|
kernel_read_net_sysctls(fail2ban_t)
|
||||||
kernel_read_system_state(fail2ban_t)
|
kernel_read_system_state(fail2ban_t)
|
||||||
kernel_read_vm_overcommit_sysctl(fail2ban_t)
|
kernel_read_vm_overcommit_sysctl(fail2ban_t)
|
||||||
kernel_search_fs_sysctls(fail2ban_t)
|
kernel_search_fs_sysctls(fail2ban_t)
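Review bot: The added `kernel_read_net_sysctls(fail2ban_t)` grants more than the quoted denial demonstrates: the AVC is only `{ search }` on the `sysctl_net_t` directory, while this interface also lets the domain read the net sysctl files beneath it. Because the denial was logged with permissive=0, any follow-up file read would never have been audited, so the read grant may well be needed, but the commit does not say which sysctl the `f2b/f.dovecot` thread actually opens. I would record that in a comment above the line, e.g. `# f2b filter threads read <sysctl path, to be confirmed> under /proc/sys/net`. If the access turns out to be only a directory probe, narrow it to `kernel_search_network_sysctl(fail2ban_t)` instead. The surrounding policy block starts and ends outside this hunk.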
|
||||||
|
|