Selinux: Shorewall will not respond to fail2ban, why?

asked 2015-06-11 02:52:02 -0600

tntrush

updated 2015-06-11 08:09:29 -0600

I am using fail2ban with shorewall and my Fedora 21 server & cloud are all flooded with the following error message:

SELinux is preventing shorewall from write access on the file /tmp/fai2ban.[stderr|stdout] (deleted). For complete SELinux messages. run sealert -l ...

As a result, shorewall will not actually ban the IP that fail2ban already considers banned.

Running sealert -l on the specified file will not produce anything since the file is deleted.

The same happens when I am trying to make the relevant policy active:

[root@fedora server]# semodule -i shorewall.pp
libsepol.print_missing_requirements: shorewall's global requirements were not met: type/attribute shorewall_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

How could I solve this issue?



Checking the man page for sealert, I see that -l (There is no -1 option.) allows you to look up an alert ID, which should have been part of the error message. If not, try running it in GUI mode from the System menu.

sideburns (2015-06-11 12:44:20 -0600)

Thank you for the answer. It is not clear in my post, but I followed the exact command the error message was producing which failed saying that the file does not exist. Actually, I have just filed a bug

tntrush (2015-06-12 15:27:10 -0600)