Bug 150163 - vsftpd won't start from init scripts
vsftpd won't start from init scripts
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-02 23:18 EST by Orion Poplawski
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-07 10:40:03 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2005-03-02 23:18:49 EST
Description of problem:

This appears to be an selinux issue, but I'm not seeing any audit messages.  In
enforcing mode, vsftpd won't start from scripts.  strace shows that when it
tries to bind to port 21 it returns EACCESS.  If I start it from the comand line
directly, it runs fine.  When started from init scripts it runs in the ftp_t
domain, but in the unconfined_t domain when run from a root shell.

Disabling selinux allows vsftpd to start from the init script.
 
System has been relabeled.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.15-3

How reproducible:
Every time
Comment 1 Daniel Walsh 2005-03-07 10:14:44 EST
Is boole ftpd_is_daemon turned on?

setsebool -P ftpd_is_daemon 1

Should fix this.
Comment 2 Orion Poplawski 2005-03-07 10:40:03 EST
I thought this was set, but I must have been reading the diff of
booleans/booleans.rpmnew wrong.  Setting it fixed it.  Sorry about that.

Comment 3 Orion Poplawski 2005-03-08 13:12:00 EST
Is there any way to allow anonymous uploads?  ftpd_t does not appear to have
write permission to many labels except ftpd_temp_t?
Comment 4 Daniel Walsh 2005-03-08 14:09:52 EST
New type added ftpd_anon_rw_t.

selinux-policy-targeted-1.21.15-7

Note You need to log in before you can comment on or make changes to this bug.