Bug 219022

Summary: SELinux is preventing /usr/sbin/vsftpd (ftpd_t) "getattr" access to /home/lost+found (lost_found_t).
Product: [Fedora] Fedora Reporter: Maurizio Rossi <mrzrss>
Component: vsftpdAssignee: Maros Barabas <mbarabas>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6Keywords: Reopened
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-12-14 10:14:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Step by step description of problem none

Description Maurizio Rossi 2006-12-09 13:05:41 UTC 
Description of problem:
SELinux denied access requested by /usr/sbin/vsftpd. It is not expected that
this access is required by /usr/sbin/vsftpd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):
vsftpd-2.0.5-8 [application], selinux-policy-2.4.6-1.fc6 .
Selinux Enabled:True , Policy Type:targeted

How reproducible:


Steps to Reproduce:
1. From menubar of a client PC select:
Places->Connet to server
on pop-up windows select
FTP (with login)
insert:
Server: hostname of server
Folder: /home/userhomedir
User Name: userhomedir
than press button Connect

2.
3.
  
Actual results:
SELinux is preventing  access to /home/lost+found

Expected results:
No errors, with following following SElinux policy setted: Allow ftp to
read/write files in the user home directories.

Additional info:
Comment 1 Maros Barabas 2006-12-11 13:00:11 UTC 
This is not a bug. Selinux implicit denied access to home dirs. Please allow ftp
write/read files in user home directories in SELinux. 

/home/lost+found is system directory on ext3 partition with read permissions
only for root. You don't have access to this directory by ftp.
Comment 2 Maurizio Rossi 2006-12-11 20:38:45 UTC 
Created attachment 143320 [details]
Step by step description of problem
Comment 3 Maurizio Rossi 2006-12-11 20:47:17 UTC 
Hi Maros,
I had already setted the SElinux policy for the ftp before the use of the ftp
client.

I did all step again to reproduce the problem with more info, you can see the
description in the attached file 'Step by step description of problem', the file
is a gzipped odt document with some shoot.
I hope it's enought for testing.

Many thanks,
-mr
Comment 4 Maros Barabas 2006-12-13 13:49:45 UTC 
Hi Maurizio,
 thanks for document, but I think, this is not problem in vsftpd, try to connect
in other client (lftp, ftp, tftp ..) please and paste me your results.
Comment 5 Maurizio Rossi 2006-12-13 19:02:42 UTC 
(In reply to comment #4)
> Hi Maurizio,
>  thanks for document, but I think, this is not problem in vsftpd, try to connect
> in other client (lftp, ftp, tftp ..) please and paste me your results.

I agree with you Maros, it seems that the problem is about nautilus maybe ...

This is my tests result:

In the terminal window using ftp client there is no problem, all is ok.

Using gftp program it's the same, I did file transfer without any selinux warning.