Bug 155958 - vsftpd can't do anonymous upload
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Reported: 2005-04-26 02:10 EDT by han pingtian
Modified: 2007-11-30 17:11 EST
Last Closed: 2005-04-26 08:39:44 EDT


Description han pingtian 2005-04-26 02:10:11 EDT
Description of problem:
When doing an anonymous upload with vsftpd, it always fails, and
/var/log/message contains this message:

kernel: audit(1114495188.214:0): avc:  denied  { write } for  pid=4661 exe=/usr/sbin/vsftpd name=pub dev=hda7 ino=587229 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.12-4

How reproducible:
anonymous ftp with selinux-policy-targeted enabled

Comment 1 Daniel Walsh 2005-04-26 08:39:44 EDT
You need to set the upload directory to ftpd_anon_rw_t.

chcon -t ftpd_anon_rw_t /var/ftp/ftp/upload

man ftpd_selinux describes this.

Comment 2 han pingtian 2005-04-26 22:03:43 EDT
Thanks a lot.

Another question: when booting the machine, it reports this information:
.......
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
audit(1114592249.835:0): avc:  denied  { search } for  name=1 dev=proc ino=65538 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=475 dev=proc ino=31129602 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=486 dev=proc ino=31850498 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:initrc_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=543 dev=proc ino=35586050 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=546 dev=proc ino=35782658 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.837:0): avc:  denied  { search } for  name=559 dev=proc ino=36634626 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.837:0): avc:  denied  { search } for  name=564 dev=proc ino=36962306 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.837:0): avc:  denied  { search } for  name=569 dev=proc ino=37289986 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.838:0): avc:  denied  { search } for  name=575 dev=proc ino=37683202 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=576 dev=proc ino=37748738 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=578 dev=proc ino=37879810 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=595 dev=proc ino=38993922 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=639 dev=proc ino=41877506 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:initrc_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=647 dev=proc ino=42401794 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=649 dev=proc ino=42532866 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir

What's wrong?
Comment 3 Daniel Walsh 2005-04-27 08:02:46 EDT
You're using Rawhide :^)

Update to latest policy and a lot of these should be fixed.

Kernel_t needs to have unconfined privs.

Dan
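
Added example, not part of the bug thread or of any SELinux tool: a small Python parser that groups AVC denials like the ones quoted above by source type, target type, object class and permission, so the single ftpd_t denial stands apart from the repeated kernel_t ones. The function names and the HINTS table are assumptions made for illustration; the one hint it carries is the advice from Comment 1.

```python
import re
from collections import Counter

# Records from the thread above, each rejoined onto one line.
SAMPLE_LOG = """\
kernel: audit(1114495188.214:0): avc:  denied  { write } for  pid=4661 exe=/usr/sbin/vsftpd name=pub dev=hda7 ino=587229 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir
audit(1114592249.835:0): avc:  denied  { search } for  name=1 dev=proc ino=65538 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=543 dev=proc ino=35586050 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=546 dev=proc ino=35782658 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)"
)

# Advice given in Comment 1, keyed by (source type, target type, class, permission).
HINTS = {
    ("ftpd_t", "ftpd_anon_t", "dir", "write"):
        "label the upload directory ftpd_anon_rw_t (chcon -t ftpd_anon_rw_t <dir>)",
}

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC denial; return None for non-AVC or truncated lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    src = selinux_type(fields.get("scontext", ""))
    tgt = selinux_type(fields.get("tcontext", ""))
    if not (src and tgt and "tclass" in fields):
        return None  # e.g. a record cut off mid-context by line wrapping
    return {"perms": m["perms"].split(), "source": src, "target": tgt, "tclass": fields["tclass"]}

def summarize(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        for perm in rec["perms"]:
            counts[(rec["source"], rec["target"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key, "->", HINTS.get(key, "no hint recorded"))
```

Records whose context was split across lines are skipped rather than guessed at, so rejoin wrapped log lines before feeding them in.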
