Add patch for Dovecot 2.4 jail. Fixes BZ#2426440.

2025-12-31 12:05:28 -06:00 · 2025-12-31 12:05:28 -06:00 · 626843822e
commit 626843822e
parent 800dd5db0f 283bb7f670
1 changed files with 4 additions and 14 deletions
--- a/fail2ban.te
+++ b/fail2ban.te
@ -99,22 +99,12 @@ logging_read_syslog_pid(fail2ban_t)
 logging_dontaudit_search_audit_logs(fail2ban_t)
 logging_mmap_generic_logs(fail2ban_t)
 logging_mmap_journal(fail2ban_t)
-allow fail2ban_t fail2ban_log_t:file watch;
-gen_require(`
-        attribute logfile;
-')
-allow fail2ban_t logfile:dir { watch_dir_perms };
-allow fail2ban_t logfile:file { watch_file_perms };
 # Not in EL9 yet
 #logging_watch_audit_log_files(fail2ban_t)
-gen_require(`
-	type var_log_t, auditd_log_t;
-')
-watch_files_pattern(fail2ban_t, auditd_log_t, auditd_log_t)
-#logging_watch_audit_log_dirs(fail2ban_t)
-allow fail2ban_t var_log_t:dir search_dir_perms;
-watch_dirs_pattern(fail2ban_t, auditd_log_t, auditd_log_t)
-logging_watch_generic_log_dirs(fail2ban_t)
+logging_watch_all_log_files(fail2ban_t)
+logging_watch_all_log_dirs(fail2ban_t)
+logging_watch_audit_log_files(fail2ban_t)
+logging_watch_audit_log_dirs(fail2ban_t)
 logging_watch_journal_dir(fail2ban_t)

 mta_send_mail(fail2ban_t)