Bug 219022 - SELinux is preventing /usr/sbin/vsftpd (ftpd_t) "getattr" access to /home/lost+found (lost_found_t).
Summary: SELinux is preventing /usr/sbin/vsftpd (ftpd_t) "getattr" access to /home/los...
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: vsftpd   
(Show other bugs)
Version: 6
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Maros Barabas
QA Contact:
URL:
Whiteboard:
Keywords: Reopened
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-12-09 13:05 UTC by Maurizio Rossi
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-14 10:14:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Step by step description of problem (358.78 KB, application/x-gzip)
2006-12-11 20:38 UTC, Maurizio Rossi
no flags Details

Description Maurizio Rossi 2006-12-09 13:05:41 UTC
Description of problem:
SELinux denied access requested by /usr/sbin/vsftpd. It is not expected that
this access is required by /usr/sbin/vsftpd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Version-Release number of selected component (if applicable):
vsftpd-2.0.5-8 [application], selinux-policy-2.4.6-1.fc6 .
Selinux Enabled:True , Policy Type:targeted

How reproducible:


Steps to Reproduce:
1. From menubar of a client PC select:
Places->Connet to server
on pop-up windows select
FTP (with login)
insert:
Server: hostname of server
Folder: /home/userhomedir
User Name: userhomedir
than press button Connect

2.
3.
  
Actual results:
SELinux is preventing  access to /home/lost+found

Expected results:
No errors, with following following SElinux policy setted: Allow ftp to
read/write files in the user home directories.

Additional info:

Comment 1 Maros Barabas 2006-12-11 13:00:11 UTC
This is not a bug. Selinux implicit denied access to home dirs. Please allow ftp
write/read files in user home directories in SELinux. 

/home/lost+found is system directory on ext3 partition with read permissions
only for root. You don't have access to this directory by ftp.

Comment 2 Maurizio Rossi 2006-12-11 20:38:45 UTC
Created attachment 143320 [details]
Step by step description of problem

Comment 3 Maurizio Rossi 2006-12-11 20:47:17 UTC
Hi Maros,
I had already setted the SElinux policy for the ftp before the use of the ftp
client.

I did all step again to reproduce the problem with more info, you can see the
description in the attached file 'Step by step description of problem', the file
is a gzipped odt document with some shoot.
I hope it's enought for testing.

Many thanks,
-mr

Comment 4 Maros Barabas 2006-12-13 13:49:45 UTC
Hi Maurizio,
 thanks for document, but I think, this is not problem in vsftpd, try to connect
in other client (lftp, ftp, tftp ..) please and paste me your results.

Comment 5 Maurizio Rossi 2006-12-13 19:02:42 UTC
(In reply to comment #4)
> Hi Maurizio,
>  thanks for document, but I think, this is not problem in vsftpd, try to connect
> in other client (lftp, ftp, tftp ..) please and paste me your results.

I agree with you Maros, it seems that the problem is about nautilus maybe ...

This is my tests result:

In the terminal window using ftp client there is no problem, all is ok.

Using gftp program it's the same, I did file transfer without any selinux warning.


Note You need to log in before you can comment on or make changes to this bug.