Bug 252585
Summary: | SELinux is not allowing vsftp to start when privileged ports (other than 21 and port < 1024) are assigned to it | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | manoj <manmah4u> |
Component: | vsftpd | Assignee: | Maros Barabas <mbarabas> |
Status: | CLOSED NOTABUG | Severity: | high |
Priority: | low | Version: | 5.0 |
CC: | dwalsh | Keywords: | Reopened |
Hardware: | x86_64 | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2007-08-29 10:49:22 UTC |

Description
manoj
2007-08-16 06:16:00 UTC
Created attachment 161499
SELinux trouble shoot log
Can I expect a quick response? Still waiting for your response. How many more days will you need to reply??

As in SELinux trouble shoot log:

*Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /etc/httpd/conf, restorecon -v /etc/httpd/conf.*

Your file context: system_u:object_r:dhcpd_state_t
It should be: system_u:object_r:httpd_config_t

This problem is not in vsftpd, but in labeling problems with httpd. This could be caused by your third party GUI.
---
But this problem shouldn't stop vsftpd from starting. If you find another problem or error caused by vsftpd, please let me know by reopening this bug.
Thanks

Hi,
I investigated further on this issue. This time I didn't install the third party GUI for managing the services. On a plain RHEL5 Enterprise Linux system with SELinux enabled in Enforcing mode I assigned port 200 to vsftpd (/etc/vsftpd/vsftpd.conf, listen_port=200) and tried to start vsftpd using /etc/init.d/vsftpd start but it failed to start. When I changed the port to unprivileged port 1029 and then tried starting it using /etc/init.d/vsftpd start it started. I didn't get any setroubleshoot log though. But I'm sure this is caused by SELinux. I request you to follow the method which I have given above to reproduce this bug and reply to me.
Thanks
Manoj.

Hi,
Any updates about this bug? Still waiting for the response. Please go through my comment no 5.
Thanks.

Hi,
add additional port 200 to selinux policy by:
    semanage port -a -p tcp -t ftp_port_t 200
SELinux denies changing ports for some services (to <1024) by default. This is not a vsftpd bug.

Thanks mbarabas.

Yes this is the correct thing to do. You can customize selinux policy using semanage. (system-config-selinux) BTW If you run setroubleshoot it should give you some of this information.

I don't get any setroubleshoot alert for this :( I have reverified this on multiple systems. It would have been nice to get a Setroubleshoot alert for this case.
Thanks.
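
The check implied by the fix in this thread, as an added example that is not part of the original bug report or of Red Hat's tooling: it reads listen_port from vsftpd.conf and looks the port up in `semanage port -l` output, including port ranges. The sample config and port listing are constructed, and the function names and `example_port_t` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): check whether vsftpd's listen_port
# carries the ftp_port_t label before starting the service.

# Effective listen_port from vsftpd.conf text on stdin (vsftpd defaults to 21).
vsftpd_listen_port() {
    awk -F= '$1 == "listen_port" { p = $2 } END { print (p == "" ? 21 : p) }'
}

# Exit 0 if PROTO/PORT is assigned TYPE in `semanage port -l` text on stdin.
# Port columns look like "21, 989, 990" and may hold ranges such as "6000-6020".
port_has_type() {  # usage: port_has_type TYPE PROTO PORT
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            for (i = 3; i <= NF; i++) {
                item = $i; sub(/,$/, "", item)
                n = split(item, r, "-")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

# Print advice for PORT given `semanage port -l` text on stdin; exit 1 if a
# port below 1024 lacks the label, which is the failing case in this bug.
advise() {  # usage: semanage port -l | advise PORT
    if port_has_type ftp_port_t tcp "$1"; then
        echo "ok: tcp/$1 is labeled ftp_port_t"
    elif [ "$1" -lt 1024 ]; then
        echo "missing: semanage port -a -p tcp -t ftp_port_t $1"
        return 1
    else
        echo "unlabeled: tcp/$1 is >= 1024; the thread reports 1029 started without a policy change"
    fi
}

# Constructed sample inputs, so the check runs without an SELinux host.
sample_conf()    { printf '%s\n' '# constructed vsftpd.conf' 'listen=YES' 'listen_port=200'; }
sample_listing() { printf '%s\n' 'ftp_data_port_t  tcp  20' 'ftp_port_t  tcp  21, 989, 990' 'example_port_t  tcp  6000-6020'; }

port=$(sample_conf | vsftpd_listen_port)
sample_listing | advise "$port" || true
```

On a real host the same functions take live input: `semanage port -l | advise "$(vsftpd_listen_port < /etc/vsftpd/vsftpd.conf)"`.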