Description of problem:
after I have upgraded from F10 to F11 vsftpd stopped working.

Version-Release number of selected component (if applicable):
selinux-policy-3.6.12-57.fc11.noarch
selinux-policy-targeted-3.6.12-57.fc11.noarch
vsftpd-2.1.2-1.fc11.i586

How reproducible:
always

Steps to Reproduce:
service vsftpd start
telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.

From audit.log:
type=AVC msg=audit(1246272811.641:27075): avc: denied { sys_admin } for pid=14201 comm="vsftpd" capability=21 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1246272811.641:27075): arch=40000003 syscall=120 success=no exit=-1 a0=28000011 a1=0 a2=37e334 a3=37e334 items=0 ppid=1 pid=14201 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=766 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0 key =(null)

strace:
accept(3, {sa_family=AF_INET, sin_port=htons(54423), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
clone(child_stack=0, flags=0x28000000|SIGCHLD) = -1 EPERM (Operation not permitted)
close(0) = 0

Actual results:
vsftpd cannot spawn children

Expected results:
vsftpd working

Additional info:
I'm becoming root via "sudo su -"

If you just want this to work you can

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

*** This bug has been marked as a duplicate of bug 508138 ***
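
To see what the single denial in this report covers before loading a local policy module, the AVC record can be paired with its SYSCALL record and the clone flags decoded. This is an added example, not part of the original report or of any audit tool; the function names are hypothetical and the sample lines are the report's two records trimmed to the fields used.

```python
import re

# Namespace-creating clone(2) flags from <linux/sched.h>.
CLONE_NS_FLAGS = {
    0x00020000: "CLONE_NEWNS", 0x04000000: "CLONE_NEWUTS",
    0x08000000: "CLONE_NEWIPC", 0x10000000: "CLONE_NEWUSER",
    0x20000000: "CLONE_NEWPID", 0x40000000: "CLONE_NEWNET",
}
EVENT_ID = re.compile(r"msg=audit\(\d+\.\d+:(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")

# The two records from the report, trimmed to the fields used below.
SAMPLE = [
    'type=AVC msg=audit(1246272811.641:27075): avc: denied { sys_admin } for '
    'pid=14201 comm="vsftpd" capability=21 '
    'scontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability',
    'type=SYSCALL msg=audit(1246272811.641:27075): arch=40000003 syscall=120 '
    'success=no exit=-1 a0=28000011 a1=0 pid=14201 comm="vsftpd" '
    'exe="/usr/sbin/vsftpd"',
]

def parse(line):
    """Return (event serial, field dict) for one audit.log record."""
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    perms = PERMS.search(line)
    fields["perms"] = perms.group(1).split() if perms else []
    return EVENT_ID.search(line).group(1), fields

def triage(lines):
    """Pair each AVC denial with its SYSCALL record and decode clone flags."""
    events = {}
    for line in lines:
        serial, rec = parse(line)
        events.setdefault(serial, {})[rec["type"]] = rec
    findings = []
    for serial, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not (avc and sc):
            continue
        out = {"serial": serial, "comm": avc["comm"], "perms": avc["perms"],
               "domain": avc["scontext"].split(":")[2], "namespaces": []}
        # arch=40000003 is AUDIT_ARCH_I386, where syscall 120 is clone(2)
        # and a0 carries the flags (low byte = child exit signal).
        if (sc["arch"], sc["syscall"]) == ("40000003", "120"):
            flags = int(sc["a0"], 16)
            out["namespaces"] = [name for bit, name in
                                 sorted(CLONE_NS_FLAGS.items()) if flags & bit]
        findings.append(out)
    return findings
```

For the report's event this yields CLONE_NEWIPC and CLONE_NEWPID: the denied sys_admin capability is what the kernel requires for creating those namespaces.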