Bug 245077 - vsftpd does not work with SELinux anymore.
vsftpd does not work with SELinux anymore.
Product: Fedora
Classification: Fedora
Component: vsftpd (Show other bugs)
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Maros Barabas
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-06-20 16:41 EDT by Eliran Itzhak
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-26 14:57:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eliran Itzhak 2007-06-20 16:41:12 EDT
Description of problem:
Can't login to vsftpd when SELinux is set to Enforce.

Version-Release number of selected component (if applicable):
Linux main 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 i686 i386

How reproducible:

Steps to Reproduce:
1. Enable selinux, try to login to ftp
Actual results:
no ftp username is accepted.

Expected results:

Additional info:
This is what I get in /var/log/messages
audit(1182370180.362:1092): avc:  denied  { execute } for  pid=20420
comm="vsftpd" name="unix_update" dev=cciss/c0d0p3 ino=4676768
scontext=root:system_r:ftpd_t:s0 tcontext=system_u:object_r:updpwd_exec_t:s0
Comment 1 Maros Barabas 2007-06-21 03:06:46 EDT
Please send me output from: 

     # getsebool -a | grep ftp

and your configuration file (/etc/vsftpd/vsftpd.conf). 

Comment 2 Michal Schmidt 2007-06-26 14:51:31 EDT
I could reproduce the problem with selinux-policy-targeted-2.6.4-14.fc7. I 
enabled "local_enable=YES" in vsftpd.conf, tried to login as a local user and 
got the same AVC denial. Apparently it is already fixed in CVS since 
selinux-policy version 2.6.4-18.fc7. I am now using 2.6.4-23.fc7 without this 
Comment 3 Eliran Itzhak 2007-06-26 14:57:30 EDT
The problem is solved with last night's yum update. Thanks.

Note You need to log in before you can comment on or make changes to this bug.