Bug 698043

Summary: SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).
Product: Red Hat Enterprise Linux 5
Reporter: Thomas Harold <thomas>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED ERRATA
QA Contact: Milos Malik <mmalik>
Severity: low
Priority: medium
Version: 5.8
CC: dwalsh, jrieden, mmalik
Target Milestone: rc
Hardware: x86_64
OS: Linux
Fixed In Version: selinux-policy-2.4.6-306.el5
Doc Type: Bug Fix
Last Closed: 2011-07-21 09:20:04 UTC

Description Thomas Harold 2011-04-20 02:55:06 UTC
Description of problem:

From: /var/log/messages after "service vsftpd restart"

setroubleshoot: SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t). For complete SELinux messages. run sealert -l cea35029-4b31-4545-911f-03edaa2e90c2

# sealert -l cea35029-4b31-4545-911f-03edaa2e90c2

Summary:

SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).

Detailed Description:

SELinux denied access requested by vsftpd. It is not expected that this access
is required by vsftpd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:system_r:ftpd_t
Target Context                user_u:system_r:ftpd_t
Target Objects                None [ capability ]
Source                        vsftpd
Source Path                   <Unknown>
Port                          <Unknown>
Host                          lfvsfcp10116
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-300.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     lfvsfcp10116
Platform                      Linux lfvsfcp10116 2.6.18-238.9.1.el5 #1 SMP Fri
                              Mar 18 12:42:39 EDT 2011 x86_64 x86_64
Alert Count                   3
First Seen                    Tue Apr 19 21:06:14 2011
Last Seen                     Tue Apr 19 22:31:14 2011
Local ID                      cea35029-4b31-4545-911f-03edaa2e90c2
Line Numbers                  

Raw Audit Messages            

host=lfvsfcp10116 type=AVC msg=audit(1303266674.916:5101): avc:  denied  { kill } for  pid=31657 comm="vsftpd" capability=5 scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:system_r:ftpd_t:s0 tclass=capability

Version-Release number of selected component (if applicable):

libselinux.x86_64                         1.33.4-5.7.el5               installed
selinux-policy.noarch                     2.4.6-300.el5                installed
selinux-policy-devel.noarch               2.4.6-300.el5                installed
selinux-policy-targeted.noarch            2.4.6-300.el5                installed
setroubleshoot.noarch                     2.0.5-5.el5                  installed
setroubleshoot-plugins.noarch             2.0.4-2.el5                  installed
setroubleshoot-server.noarch              2.0.5-5.el5                  installed
vsftpd.x86_64                             2.0.5-16.el5_6.1             installed

How reproducible:

Happens every time that the vsftpd service is restarted with SELinux in enforcing/targeted.

Steps to Reproduce:
1. # service vsftpd restart
2. look in /var/log/messages for a setroubleshoot message
  
Actual results:


Expected results:


Additional info:
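
Added example, not part of the original report or of setroubleshoot: a small Python parser that decodes the raw AVC record quoted above and derives the type-enforcement rule the denial corresponds to. The function names and the partial capability table are this example's own.

```python
import re

# Copied from the report: the raw audit record quoted in the description.
SAMPLE = ('host=lfvsfcp10116 type=AVC msg=audit(1303266674.916:5101): avc:  denied  '
          '{ kill } for  pid=31657 comm="vsftpd" capability=5 '
          'scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:system_r:ftpd_t:s0 '
          'tclass=capability')

# First Linux capability numbers (linux/capability.h), as SELinux permission names.
CAP_NAMES = {0: "chown", 1: "dac_override", 2: "dac_read_search", 3: "fowner",
             4: "fsetid", 5: "kill", 6: "setgid", 7: "setuid"}

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the AVC record as a dict, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields["result"] = m.group(1)
    fields["perms"] = m.group(2).split()
    return fields

def context_type(ctx):
    """Extract the type from user:role:type[:mls-range]."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError("not an SELinux context: %r" % ctx)
    return parts[2]

def capability_name(avc):
    """Name for the capability= number, or None when absent or outside the table."""
    num = avc.get("capability")
    return CAP_NAMES.get(int(num)) if num is not None and num.isdigit() else None

def allow_rule(avc):
    """Type-enforcement rule for the denial; 'self' when source and target types match."""
    src, tgt = context_type(avc["scontext"]), context_type(avc["tcontext"])
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow %s %s:%s %s;" % (src, "self" if src == tgt else tgt, avc["tclass"], perm_text)

if __name__ == "__main__":
    avc = parse_avc(SAMPLE)
    print(avc["comm"], avc["perms"], "capability:", capability_name(avc))
    print(allow_rule(avc))
```

The derived rule shows exactly what a local module would grant; in this bug the denial was resolved by the updated policy package named in the report.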

Comment 2 Miroslav Grepl 2011-05-19 15:27:21 UTC
Fixed in selinux-policy-2.4.6-306.el5

Comment 5 errata-xmlrpc 2011-07-21 09:20:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html

Comment 6 errata-xmlrpc 2011-07-21 11:56:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html