service not starting via systemd but no AVCs are generated
Ed Greshko
Ed.Greshko at greshko.com
Tue Jul 9 12:29:44 UTC 2013
Hi,
On F19 the service fail2ban won't start via systemd with selinux in enforcing mode.
The error in the message log indicates....
fail2ban-client[2804]: ERROR Directory /var/run/fail2ban exists but not accessible for writing
But, if you execute the command in the service file from the command line....
[root@f18x log]# /usr/bin/fail2ban-client -x start
2013-07-09 18:46:10,558 fail2ban.server : INFO Starting Fail2ban v0.8.10
2013-07-09 18:46:10,559 fail2ban.server : INFO Starting in daemon mode
It starts and you can see the files created in /var/run/fail2ban
[root@f18x fail2ban]# pwd
/var/run/fail2ban
[root@f18x fail2ban]# ls
fail2ban.pid fail2ban.sock
And if you put selinux in permissive mode....
[root@f18x fail2ban]# pwd
/var/run/fail2ban
[root@f18x fail2ban]# ls
[root@f18x fail2ban]# setenforce 0
[root@f18x fail2ban]# systemctl start fail2ban
[root@f18x fail2ban]# ls
fail2ban.pid fail2ban.sock
So it is running with selinux placed in permissive mode.....
But no AVCs are ever thrown to the audit log.
How do I figure out what the culprit is?
--
The only thing worse than a poorly asked question is a cryptic answer.