Bug 143333

Summary: Mail and FTP bug on Fedora3 due to SELinux configuration and compilation
Product: [Fedora] Fedora Reporter: Goran Blagojevic <blagor>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 3   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-12-20 19:27:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Goran Blagojevic 2004-12-19 12:52:37 UTC
Description of problem:
I cannot send any mail if mail has an attachment larger then about 4kB
whatever mail client I use (KMail, Mozilla Mail). The same thing is in
case of uploading files on FTP server. I can upload only files that
are smaller then about 4kB whatever FTP client I use (gftp, ftp). That
is why I had to install both Fedora3 and Fedora1, and made dual boot.
Actually, I use Fedora3 for working and Fedora1 for sending files, and
I am reporting bug related to Fedora3 from Fedora1. There is no
differences among disabled, permissive and enforsing SELinux mode.
Downloading messages with attachment and downloading files from FTP
server work well.

Version-Release number of selected component (if applicable):
selinux package that come with Fedora 3 (Heidelberg). I am on Fedora1
now, and I cannot execute rpm -q selinux or something like that on
Fedora3, I excuse.

How reproducible:
It is always reproducable if you use Fedora3, whatever SELinux mode is
present (disabled, permissive, enforsing), whatever mail or FTP client
you use in condition of sending file larger then about 4kB.

Steps to Reproduce:
1. Open some mail client
2. Attach file larger then about 4 kB (for example some file of 10 kB)
3. Send message
OR
1. Open some FTP client
2. Connect to FTP server
3. Put some file larger then about 4 kB (for example some file of 10
kB) from localhost to server.
  
Actual results:
Case of mail sending - KMail reports that message cannot be written on
server, Mozilla Mail reports that input cannot be collected by server.
Case of FTP uploading - gftp reports that connection to FTP server is
disconected, then it reports that file is succesfully sent, although
it is not (I cannot believe), ftp simply reports that file cannot be
written into socket.

Expected results:
Case of mail sending - Mail must be sent whatever is largeness of
attached file.
Case of FTP uploading - File must be uploaded whatever is its largeness.

Additional info:
I have read that SELinux concept is used by NSA. But, I am neither
NSA, or FBI, or CIA, or MI5, and I do not need such a high level of
security. I think that most of Fedora users do not need SELinux
configured by default as this one on Fedora3.
That is why I think that this bug is bug in sense of implementation,
not in sense of SELinux concept itself.
I hope that you will find some user friendly solution for SELinux in
next Fedora release. Otherwise, SuSE may be a good idea for most of
Fedora users, I think.
In any case, I have not time to read documentation in
/usr/share/SELinux and compile and recompile SELinux, and configure it.

Comment 1 Sitsofe Wheeler 2004-12-19 21:51:39 UTC
This is probably not an selinux bug if you aren't seeing selinux errors in dmesg (you do not say) and especially if it still does not work if when you disable selinux! Have you tried using a command line ftp client on the box itself to see if you can isolate the problem area?

Comment 2 Goran Blagojevic 2004-12-20 11:08:52 UTC
I have tried to send files using command line ftp client. That is I have tried
to send using both gftp and ftp. Command line ftp cannot write into socket as I
have said. I am persuaded that it can, but it is obstructed by something, by
SELinux I think.
There is no any SELinux error in sense of SELinux itself, that is bug in sense
of implementation. In fact, I installed Fedora 3 three times. First time, I
choose disabled SELinux. Second time, I choose "warning" SELinux, that is
permissive. Third time, I choose "active" SELinux, that is enforsing. Sending
files larger then about 4kB does not work in any case. It does not work on fresh
installed Fedora 3, it does not work if I change SELinux mode by setenforce
command, it does not work if I change mode in SELinux config file and reboot my
computer, it does not work if I execute restorecon command, it does not work if
I execute fixfiles command. It does not work at all, in any case.
I think that it will work if I reconfigure, recompile, reinstall SELinux, and
recontext and relabel files. But, in that case I must read documentation and
spend a lot of time that I have not. Because of that I have installed both
Fedora 3 and Fedora 1, and made dual boot.

Goran

(In reply to comment #1)
> This is probably not an selinux bug if you aren't seeing selinux errors in
dmesg (you do not say) and especially if it still does not work if when you
disable selinux! Have you tried using a command line ftp client on the box
itself to see if you can isolate the problem area?

Comment 3 Daniel Walsh 2004-12-20 13:54:49 UTC
This is not an SELinux bug.

Comment 4 Colin Walters 2004-12-20 14:51:57 UTC
Indeed, if it doesn't work if you disabled SELinux entirely, it's
extremely unlikely to be a SELinux bug.  

My guess is what you're really getting bitten by is the TCP window
scaling:

http://lwn.net/Articles/92727/


Comment 5 Goran Blagojevic 2004-12-20 17:13:49 UTC
If you say that is not related to SELinux, it is not.

I have visited:
http://lwn.net/Articles/92727/
and I added into:
/etc/sysctl.conf
line like:
net.ipv4.tcp_default_win_scale = 0
as suggested, and nothing was happened. Files larger then about 4kB
cannot be sent still.

Something is wrong, and somebody will find out what, I am sure.

Goran

Comment 6 Colin Walters 2004-12-20 17:24:54 UTC
Did you reboot after adding that line?  What if you do:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling


Comment 7 Goran Blagojevic 2004-12-20 19:19:28 UTC
Yes, I rebooted my computer.

I did not tried:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
because on:
http://lwn.net/Articles/92727/
these two ways are presented as the same ones.
I tried:
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
a half an hour ago, without and with rebooting my computer, and there
was no any result.

In fact, the same problem with sending files I had on Fedora 2 but
very, very, very occasionally, and I thought that bad phone line was a
reason. That is why I did not make dual boot for Fedora 3 and Fedora
2, but for Fedora 3 and Fedora 1.

Comment 8 Colin Walters 2004-12-20 19:27:52 UTC
Ok, I'm out of ideas then.  You might try posting to
fedora-list.  Regardless, I'm pretty sure this is not a
SELinux bug.  That's not to say there's not possibly a bug somewhere
else in Fedora; if you can narrow the problem down anymore, please
open a new bug on that component.