Starting fail2ban in systemd fails with error:

ERROR There is no directory /run/fail2ban to contain the socket file /run/fail2ban/fail2ban.sock.

I tried fail2ban versions 0.9.3-r1 and 0.9.4 with the same results. While /run/fail2ban is created by openrc ebuild, this is ignored in systemd service. I am not sure about how this should be done, on Arch Linux forums there is a solution to create a file /etc/tmpfiles.d/fail2ban.conf with one line:

D /run/fail2ban 0755 root root -

Reproducible: Always

Steps to Reproduce:
1. systemctl start fail2ban
2. ???
3. PROFIT
Another solution I found is to add a line ExecStartPre=/bin/mkdir -p /run/fail2ban to the systemd unit file. Or to add RuntimeDirectory=fail2ban to the systemd unit file.
Created attachment 430190
Patch for fail2ban-0.9.4

This is a really simple patch for fail2ban-0.9.4 that fixes the problem. The patch for 0.9.3 would be different, because the systemd unit file is different. Note that this patch has to be applied *before* the /var/run -> /run replacement in the ebuild.
(In reply to Alexey Korepanov from comment #1)
Either method would work, though I personally prefer the RuntimeDirectory approach.
I am a bit suspicious of RuntimeDirectory; I do not know what systemd does with RuntimeDirectory=fail2ban if the folder /run/fail2ban already exists (is created by tmpfiles.d).
So test it?
Ok, I tested it. If the directory exists, then it is happily used, and after the service stops it is removed. But I couldn't find this behaviour documented. That is, I don't expect a problem, but using RuntimeDirectory is somewhat less clear than mkdir. Personally I'd be fine with both, but would prefer mkdir :-)
(In reply to Alexey Korepanov from comment #6)
Oh, we already install a tmpfiles fragment for this.

/usr/lib/tmpfiles.d/fail2ban-tmpfiles.conf

So you either need to reboot or run the following after installation:

systemd-tmpfiles --create fail2ban-tmpfiles.conf

A better solution would be to have upstream replace the tmpfiles fragment with the RuntimeDirectory setting.
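The three ways of creating /run/fail2ban raised in this thread (a tmpfiles.d entry, ExecStartPre= with mkdir, and RuntimeDirectory=) can be checked for offline with a short script. This is an added example, not part of the bug report, the ebuild or fail2ban itself; the function name provisioners and the sample unit and tmpfiles contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: which mechanism, if any, creates /run/<name> for a service?
# Reads file contents only, so it works on copies of a unit file and
# tmpfiles.d fragments and needs no running systemd.

# provisioners NAME UNIT_FILE [TMPFILES_FRAGMENT...]   (hypothetical helper)
# Prints the mechanisms found, space separated, or "none".
provisioners() {
    name=$1 unit=$2
    shift 2
    found=""
    # RuntimeDirectory= lists names relative to /run, space separated.
    if awk -F= -v n="$name" '
        /^[ \t]*RuntimeDirectory=/ {
            k = split($2, a, /[ \t]+/)
            for (i = 1; i <= k; i++) if (a[i] == n) hit = 1
        }
        END { exit !hit }' "$unit"; then
        found="$found RuntimeDirectory"
    fi
    # ExecStartPre= line that runs mkdir on /run/NAME.
    if grep -Eq "^[[:space:]]*ExecStartPre=.*mkdir .*/run/$name/?([[:space:]]|\$)" "$unit"; then
        found="$found ExecStartPre"
    fi
    # tmpfiles.d line of type d or D for /run/NAME; it only takes effect at
    # boot or when systemd-tmpfiles --create is run.
    for frag in "$@"; do
        if awk -v p="/run/$name" '
            $1 ~ /^[dD]/ && ($2 == p || $2 == (p "/")) { hit = 1 }
            END { exit !hit }' "$frag"; then
            found="$found tmpfiles"
            break
        fi
    done
    found=${found# }
    echo "${found:-none}"
}

# Constructed sample files (not copied from the ebuild or from upstream).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '[Service]\nType=forking\nExecStart=/usr/bin/fail2ban-client -x start\n' > "$demo/plain.service"
{ cat "$demo/plain.service"; echo 'RuntimeDirectory=fail2ban'; } > "$demo/fixed.service"
echo 'D /run/fail2ban 0755 root root -' > "$demo/fail2ban.conf"

provisioners fail2ban "$demo/plain.service"                        # none
provisioners fail2ban "$demo/plain.service" "$demo/fail2ban.conf"  # tmpfiles
provisioners fail2ban "$demo/fixed.service" "$demo/fail2ban.conf"  # RuntimeDirectory tmpfiles
```

A result of "tmpfiles" alone matches the situation in this report: the directory is declared, but it does not exist until the fragment has been applied.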
OK, thank you. I didn't notice that the tmpfiles.d file is already installed, and I did not reboot for a very long time. I created an issue on fail2ban's GitHub 5 days ago: https://github.com/fail2ban/fail2ban/issues/1384
*** Bug 601424 has been marked as a duplicate of this bug. ***
This has been fixed in fail2ban-0.10 https://github.com/fail2ban/fail2ban/pull/1618/commits/1cd67ecaa260bdaa6e62383ed783d5910587c258 But 0.10 is not yet stable. When it is stabilized, this bug is resolved.
(In reply to Alexey Korepanov from comment #10)
> This has been fixed in fail2ban-0.10