[Python-modules-team] Bug#956177: fail2ban: daemon startup should not access /root/.local
Sylvestre Ledru
sylvestre at debian.org
Tue Apr 14 17:36:43 BST 2020
Le 08/04/2020 à 04:51, Russell Coker a écrit :
> Package: fail2ban
> Version: 0.11.1-1
> Severity: normal
>
> type=AVC msg=audit(1586313861.749:37): avc: denied { search } for pid=704 comm="fail2ban-server" name=".local" dev="sdb2" ino=31516 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:xdg_data_t:s0 tclass=dir permissive=0
>
> Above is a SE Linux audit message generated by fail2ban starting on system
> boot. It is trying to access /root/.local which is inappropriate for a daemon.
> No system configuration should be under /root/ and any daemon which accesses
> that could give unexpected results.
Hello Russell,
Could you please reply to https://github.com/fail2ban/fail2ban/issues/2688#issuecomment-613543589 ?
(I also looked at the code and could not find where /root/.local would be loaded)
Cheers,
Sylvestre
More information about the Python-modules-team
mailing list