Bug 245077

Summary: vsftpd does not work with SELinux anymore.
Product: [Fedora] Fedora Reporter: Eliran Itzhak <eliranitzhak>
Component: vsftpdAssignee: Maros Barabas <mbarabas>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 7   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-06-26 18:57:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eliran Itzhak 2007-06-20 20:41:12 UTC 
Description of problem:
Can't login to vsftpd when SELinux is set to Enforce.

Version-Release number of selected component (if applicable):
Linux main 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 i686 i386
GNU/Linux

How reproducible:


Steps to Reproduce:
1. Enable selinux, try to login to ftp
2.
3.
  
Actual results:
no ftp username is accepted.

Expected results:


Additional info:
This is what I get in /var/log/messages
audit(1182370180.362:1092): avc:  denied  { execute } for  pid=20420
comm="vsftpd" name="unix_update" dev=cciss/c0d0p3 ino=4676768
scontext=root:system_r:ftpd_t:s0 tcontext=system_u:object_r:updpwd_exec_t:s0
tclass=file
Comment 1 Maros Barabas 2007-06-21 07:06:46 UTC 
Please send me output from: 

     # getsebool -a | grep ftp

and your configuration file (/etc/vsftpd/vsftpd.conf). 

Thanks
Comment 2 Michal Schmidt 2007-06-26 18:51:31 UTC 
I could reproduce the problem with selinux-policy-targeted-2.6.4-14.fc7. I 
enabled "local_enable=YES" in vsftpd.conf, tried to login as a local user and 
got the same AVC denial. Apparently it is already fixed in CVS since 
selinux-policy version 2.6.4-18.fc7. I am now using 2.6.4-23.fc7 without this 
problem.
Comment 3 Eliran Itzhak 2007-06-26 18:57:30 UTC 
The problem is solved with last night's yum update. Thanks.