From ab7de2a6f1c41439e8a384a662fcb09c365058e6 Mon Sep 17 00:00:00 2001
From: cs
Date: Tue, 26 Aug 2025 21:40:13 +0200
Subject: [PATCH] Update of the fail2ban-curl-allow module to version 1.1 with additional permissions for accessing directories and files in etc_t, var_log_t, and var_run_t.
---
 deployment/fail2ban-curl-allow.te | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/deployment/fail2ban-curl-allow.te b/deployment/fail2ban-curl-allow.te
index 14c604d..12475fd 100644
--- a/deployment/fail2ban-curl-allow.te
+++ b/deployment/fail2ban-curl-allow.te
@@ -1,11 +1,23 @@
-
-module fail2ban-curl-allow 1.0;
+# deployment/fail2ban-curl-allow.te
+module fail2ban-curl-allow 1.1;
 require {
- type fail2ban_t;
- type http_cache_port_t;
- class tcp_socket name_connect;
+ type fail2ban_t;
+ type http_cache_port_t;
+ type var_run_t;
+ type etc_t;
+ type var_log_t;
+ class tcp_socket name_connect;
+ class file { read write open execute };
+ class dir { search read };
 }
 #============= fail2ban_t ==============
 allow fail2ban_t http_cache_port_t:tcp_socket name_connect;
+
+# Zusätzliche benötigte Berechtigungen
+allow fail2ban_t etc_t:file { read open };
+allow fail2ban_t var_log_t:file { read open };
+allow fail2ban_t var_run_t:file { read write open };
+allow fail2ban_t var_run_t:dir search;
+allow fail2ban_t etc_t:dir search;
\ No newline at end of file
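Review bot: The new `allow fail2ban_t var_run_t:file { read write open };` rule gives the fail2ban domain write access to every file carrying the generic `var_run_t` label, and the `etc_t` and `var_log_t` rules likewise cover all generically labelled config and log files rather than only the ones the curl action touches. If the denials came from one or two paths, it is tighter to give those paths a dedicated label (`semanage fcontext` plus `restorecon`) or, failing that, to drop `write` until a logged AVC shows it is needed. The require block also declares permissions that no rule uses; `class file { read write open };` and `class dir search;` would match the rules as written. A comment above each rule naming the path and the denial it answers would make this module much easier to audit later.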