Description of problem: Can't login to vsftpd when SELinux is set to Enforce. Version-Release number of selected component (if applicable): Linux main 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 i686 i386 GNU/Linux How reproducible: Steps to Reproduce: 1. Enable selinux, try to login to ftp 2. 3. Actual results: no ftp username is accepted. Expected results: Additional info: This is what I get in /var/log/messages audit(1182370180.362:1092): avc: denied { execute } for pid=20420 comm="vsftpd" name="unix_update" dev=cciss/c0d0p3 ino=4676768 scontext=root:system_r:ftpd_t:s0 tcontext=system_u:object_r:updpwd_exec_t:s0 tclass=file
Please send me output from: # getsebool -a | grep ftp and your configuration file (/etc/vsftpd/vsftpd.conf). Thanks
I could reproduce the problem with selinux-policy-targeted-2.6.4-14.fc7. I enabled "local_enable=YES" in vsftpd.conf, tried to login as a local user and got the same AVC denial. Apparently it is already fixed in CVS since selinux-policy version 2.6.4-18.fc7. I am now using 2.6.4-23.fc7 without this problem.
The problem is solved with last night's yum update. Thanks.