From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ro-RO; rv:1.7.10) Gecko/20050717 Firefox/1.0.6

Description of problem:
Hello all,

Despite the indications given in ftpd_selinux(8) manpage and in responses to my previous post here:

https://www.redhat.com/archives/fedora-list/2005-August/msg02370.html

about /etc/selinux/targeted/contexts/files/file_contexts.local, doing a

# touch /.autorelabel; reboot
relabels

- customisable directories under /srv of type var_t instead of the manually configured ftpd_anon_rw_t;

- /var/ftp/incoming  instead of the manually configured ftpd_anon_rw_t;

This is very annoying, since any automatic relabeling will break server's functionality

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.4-10

How reproducible:
Always

Steps to Reproduce:
1. Create free-form directories under /srv (to host fileserver user data)and/or /var/ftp/incoming (to allow anonymous upload)
2. Make these directories ftpd_anon_rw_t
3. Do a touch /.autorelabel; reboot

  

Actual Results:  Directories get relabeled to types var_t (directories under /srv) and ftpd_anon_t (/var/ftp/incoming), respectively.


Expected Results:  Both should remain ftpd_anon_rw_t, in order to allow their respective functions.


Additional info:

[root@mexcentral3 ~]# ls -lZ /var/ftp
drwx------  ftp      root     system_u:object_r:ftpd_anon_t incoming


[root@mexcentral3 ~]# ls -lZ /srv
drwxrwsr-x  root     somegroup  system_u:object_r:var_t somedir

[root@mexcentral3 ~]# cat /etc/selinux/targeted/booleans.local
allow_ypbind=0
samba_enable_home_dirs=1
allow_smbd_anon_write=1
allow_ftpd_anon_write=1
ftpd_is_daemon=1

[root@mexcentral3 ~]# cat /etc/selinux/targeted/contexts/files/file_contexts.local
/var/ftp(/.*)? system_u:object_r:ftpd_anon_t /var/ftp/incoming(/.*)? system_u:object_r:ftpd_anon_rw_t