Bug 428551
| Field | Value |
|---|---|
| Summary | SELinux is preventing /usr/sbin/proftpd (ftpd_t) "search" to (crond_t). |
| Product | [Fedora] Fedora |
| Component | selinux-policy-targeted |
| Version | 7 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED NOTABUG |
| Severity | high |
| Priority | low |
| Reporter | David <webmaster> |
| Assignee | Daniel Walsh <dwalsh> |
| QA Contact | Ben Levenson <benl> |
| Doc Type | Bug Fix |
| Last Closed | 2008-01-15 14:47:07 UTC |

Description
David
2008-01-13 05:52:05 UTC
Raw Audit Messages:

avc: denied { search } for comm="in.proftpd" egid=0 euid=0 exe="/usr/sbin/proftpd" exit=205729777 fsgid=0 fsuid=0 gid=2524 items=0 pid=22365 scontext=system_u:system_r:ftpd_t:s0 sgid=0 subj=system_u:system_r:ftpd_t:s0 suid=0 tclass=key tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tty=(none) uid=10001

*** Bug 428552 has been marked as a duplicate of this bug. ***

First off, this is a bug in configuration. But I do not understand how you get to this. It looks like proftp executed a pam_keyinit and then somehow started cron.

Maybe I can explain. The server has several domains on it. I have three external cameras that ftp in images every 1 minute. Now they themselves log in via ftp and put the image into the domains /httpdocs/images. So I assume that pam is validating the ftp login?

Cron, well, you got me, unless, as it's occurring every 1 minute exactly (synced off the GPS ntpd server on the network), it's assuming cron? There are some scripts that run by cron on the domains, but these use wget to fetch stuff, not proftp, so it's got to be the cameras ftping in.

It's extremely annoying: 3 cameras ftp in 1 image every 1 minute, and 1 remote camera ftps in 1 image every 5 minutes, in other words a LOT of generated messages. What more info would you like?

Removing pam_keyinit from the cron pam file (system-auth) will probably get rid of it. Or you could allow this by executing

    # grep crond /var/log/audit/audit.log | audit2allow -M mycron
    # semodule -i mycron.pp

It is not a security problem.
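
To see which type-enforcement rules a batch of these denials corresponds to before loading a module built from them, the AVC records can be parsed and grouped. This is an added example, not code from the bug thread or from the SELinux tools; the log lines are constructed from the denial quoted in the report, and the rule text follows the `allow source target:class perm;` syntax that audit2allow writes.

```python
import re
from collections import Counter

# Constructed sample: the denial from this report, repeated as the cameras reconnect.
AVC = ('avc: denied { search } for comm="in.proftpd" exe="/usr/sbin/proftpd" '
       'pid=%d scontext=system_u:system_r:ftpd_t:s0 tclass=key '
       'tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023')
SAMPLE_LOG = "\n".join(AVC % pid for pid in (22365, 22371, 22380))

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field (third colon-separated part) of a context."""
    return context.split(":")[2]

def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "source": selinux_type(fields["scontext"]),
        "target": selinux_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "comm": fields.get("comm", "?"),
    }

def summarize(log_text):
    """Count denials per candidate allow rule (one rule per permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec["perms"]:
                rule = "allow %s %s:%s %s;" % (
                    rec["source"], rec["target"], rec["tclass"], perm)
                counts[rule] += 1
    return counts

if __name__ == "__main__":
    for rule, n in summarize(SAMPLE_LOG).items():
        print(n, rule)
```
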