Description of problem: pure-ftpd is running unconfined even though the pure-ftpd-selinux package is installed Version-Release number of selected component (if applicable): pure-ftpd.x86_64 1.0.42-3.el7 @epel pure-ftpd-selinux.x86_64 1.0.42-3.el7 @epel How reproducible: always Steps to Reproduce: # yum install epel-release # yum install pure-ftpd pure-ftpd-selinux # systemctl start pure-ftpd # ps -eZ |grep pure-ftpd The last command will show that the process is running in system_u:system_r:unconfined_service_t:s0 Actual results: pure-ftpd is running in the unconfined_service_t selinux domain Expected results: pure-ftpd should be running in the ftpd_t selinux domain Additional info: The problem seems to come from the fact that systemd executes the daemon through the /usr/sbin/pure-config.pl file. The label on this file is system_u:object_r:bin_t:s0. So the daemon does not transition into the ftpd_t domain. Changing the context to ftpd_exec_t seems to fix the problem (That obviously won't survive a relabel, it's just to show the fix): # chcon -t ftpd_exec_t /usr/sbin/pure-config.pl # systemctl restart pure-ftpd # ps -eZ |grep pure-ftpd Will now show pure-ftpd correctly running in system_u:system_r:ftpd_t.
I made changes that seems like they'd work, but couldn't verify because I couldnt find the pure-config.pl file. I see where its referenced but i checked the latest sources and no file. there are changelog comments about a pure-config.py script, but i dont see that either. i did find a reference to this problem in debian pakcaging a while back https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=171646 Any suggestions?
Hi Greg, I tested on fedora 33 and RHEL8 today (with pure-ftpd 1.0.49-6.fc33 and 1.0.49-4.el8) and the issue has been fixed, the daemon is correctly running in ftpd_t. The pure-config.pl file seems to have been removed from the package. The original post That was 4 years ago so i guess a lot has changed since then ;) Vincent
Okay.. will close then.. sorry about that. not sure how i never saw this.