Merge branch 'rawhide' into epel8

Add patch to deal with nftables not accepting ":" as a port separator.

fail2ban.te

@@ -99,18 +99,40 @@ logging_read_syslog_pid(fail2ban_t)
 logging_dontaudit_search_audit_logs(fail2ban_t)
 logging_mmap_generic_logs(fail2ban_t)
 logging_mmap_journal(fail2ban_t)
+gen_require(`
+	type var_log_t, auditd_log_t;
+	class dir { watch };
+	class file { watch };
+')
 allow fail2ban_t fail2ban_log_t:file watch;
 # Not in EL9 yet
 #logging_watch_audit_log_files(fail2ban_t)
 gen_require(`
 	type var_log_t, auditd_log_t;
 ')
-watch_files_pattern(fail2ban_t, auditd_log_t, auditd_log_t)
+# Not in EL8
+#watch_files_pattern(fail2ban_t, auditd_log_t, auditd_log_t)
+allow fail2ban_t auditd_log_t:dir search_dir_perms;
+allow fail2ban_t auditd_log_t:file { getattr watch };
 #logging_watch_audit_log_dirs(fail2ban_t)
 allow fail2ban_t var_log_t:dir search_dir_perms;
-watch_dirs_pattern(fail2ban_t, auditd_log_t, auditd_log_t)
-logging_watch_generic_log_dirs(fail2ban_t)
-logging_watch_journal_dir(fail2ban_t)
+
+# Not in EL8
+#watch_dirs_pattern(fail2ban_t, auditd_log_t, auditd_log_t)
+allow fail2ban_t auditd_log_t:dir search_dir_perms;
+allow fail2ban_t auditd_log_t:dir { getattr watch };
+
+# Not in EL8
+#logging_watch_generic_log_dirs(fail2ban_t)
+files_search_var(fail2ban_t)
+allow fail2ban_t var_log_t:dir { getattr watch };
+
+# Not in EL8
+#logging_watch_journal_dir(fail2ban_t)
+gen_require(`
+	type syslogd_var_run_t;
+')
+allow fail2ban_t syslogd_var_run_t:dir { getattr watch };
 
 mta_send_mail(fail2ban_t)