Bug 427661 - SELinux stops vsftpd from working correctly
Summary: SELinux stops vsftpd from working correctly
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: logrotate
Version: 8
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Tomas Smetana
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-01-06 12:20 UTC by Volans
Modified: 2008-01-15 22:52 UTC (History)
0 users

Fixed In Version: 3.7.6-2.1.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-15 22:52:24 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
The text returned by SELinux troubleshooter (3.08 KB, text/plain)
2008-01-06 12:20 UTC, Volans
no flags Details

Description Volans 2008-01-06 12:20:12 UTC
Description of problem:

SELinux stops vsftpd from working correctly.

Version-Release number of selected component (if applicable):



How reproducible:

The policy stops vsftpd from writing to it's log vsftpd.conf, located in
/var/log . Since vsftp sees it's access denied to that file, it doesn't work.

Steps to Reproduce:
1. Start vsftpd
2. Try to open the FTP page using a browser
3. You see on the screen an information telling that SELinux prevented access to
vsftpd.log, from vsftpd
  
Actual results:

The browser keeps waiting for a response from the FTP server, that never comes,
even if you try loopback.

Expected results:

Told already.

Additional info:

This error doesn't happen always. It happens from times to times, usualy after
restarting PC. I follow the directions told by SELinux, to make this:
/sbin/restorecon -v /var/log/vsftp.log, and everything goes back to normal.
After some time it happens again.

Comment 1 Volans 2008-01-06 12:20:12 UTC
Created attachment 290907 [details]
The text returned by SELinux troubleshooter

Comment 2 Daniel Walsh 2008-01-08 18:48:09 UTC
This sounds like the broken logrotate bug loosing security context problem.

Comment 3 Tomas Smetana 2008-01-09 08:54:22 UTC
I have a fix, so please wait for the updated logrotate.

Comment 4 Fedora Update System 2008-01-11 22:04:03 UTC
logrotate-3.7.6-2.1.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update logrotate'

Comment 5 Fedora Update System 2008-01-15 22:52:21 UTC
logrotate-3.7.6-2.1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.