508654 – vsftpd doesn't work at all

Bug 508654 - vsftpd doesn't work at all

Summary: vsftpd doesn't work at all

Keywords:
Status:	CLOSED DUPLICATE of bug 508138
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	11
Hardware:	i386
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-06-29 10:58 UTC by Artem S. Tashkinov
Modified:	2009-06-29 11:12 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-06-29 11:12:30 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Artem S. Tashkinov 2009-06-29 10:58:05 UTC

Description of problem: after I have upgraded from F10 to F11 vsftpd stopped working.

Version-Release number of selected component (if applicable):

selinux-policy-3.6.12-57.fc11.noarch
selinux-policy-targeted-3.6.12-57.fc11.noarch
vsftpd-2.1.2-1.fc11.i586

How reproducible:  always

Steps to Reproduce:

service vsftpd start

telnet 127.0.0.1 21
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.

From audit.log:

type=AVC msg=audit(1246272811.641:27075): avc:  denied  { sys_admin } for  pid=14201 comm="vsftpd" capability=21 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1246272811.641:27075): arch=40000003 syscall=120 success=no exit=-1 a0=28000011 a1=0 a2=37e334 a3=37e334 items=0 ppid=1 pid=14201 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=766 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0 key
=(null)

strace:

accept(3, {sa_family=AF_INET, sin_port=htons(54423), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
clone(child_stack=0, flags=0x28000000|SIGCHLD) = -1 EPERM (Operation not permitted)
close(0)                                = 0
  
Actual results: vsftpd cannot spawn children

Expected results: vsftpd working

Additional info: I'm becoming root via "sudo su -"

Comment 1 Miroslav Grepl 2009-06-29 11:11:37 UTC

If you just want this to work you can

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Comment 2 Miroslav Grepl 2009-06-29 11:12:30 UTC


*** This bug has been marked as a duplicate of bug 508138 ***

Note You need to log in before you can comment on or make changes to this bug.