Bug 558884 - SELinux is preventing /usr/sbin/vsftpd "net_raw" access.
Summary: SELinux is preventing /usr/sbin/vsftpd "net_raw" access.
Keywords:
Status: CLOSED DUPLICATE of bug 547339
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:019cfccfa7d...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-01-26 16:45 UTC by fanbt
Modified: 2010-01-27 18:40 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-27 12:47:37 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description fanbt 2010-01-26 16:45:55 UTC 
概述:

SELinux is preventing /usr/sbin/vsftpd "net_raw" access.

详细描述:

SELinux denied access requested by vsftpd. It is not expected that this access
is required by vsftpd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

允许访问:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

附加信息:

源上下文                  system_u:system_r:ftpd_t:s0-s0:c0.c1023
目标上下文               system_u:system_r:ftpd_t:s0-s0:c0.c1023
目标对象                  None [ capability ]
源                           vsftpd
源路径                     /usr/sbin/vsftpd
端口                        <未知>
主机                        (removed)
源 RPM 软件包             vsftpd-2.2.0-6.fc12
目标 RPM 软件包          
策略 RPM                    selinux-policy-3.6.32-69.fc12
启用 Selinux                True
策略类型                  targeted
Enforcing 模式              Enforcing
插件名称                  catchall
主机名                     (removed)
平台                        Linux (removed)
                              2.6.31.12-174.2.3.fc12.i686.PAE #1 SMP Mon Jan 18
                              20:06:44 UTC 2010 i686 i686
警报计数                  1
第一个                     2010年01月27日 星期三 00时16分09秒
最后一个                  2010年01月27日 星期三 00时16分09秒
本地 ID                     866c2505-cfa8-4368-87ab-4a1100aae869
行号                        

原始核查信息            

node=(removed) type=AVC msg=audit(1264522569.529:27082): avc:  denied  { net_raw } for  pid=9397 comm="vsftpd" capability=13 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1264522569.529:27082): arch=40000003 syscall=120 success=no exit=-1 a0=40000011 a1=0 a2=9fa338 a3=9fa338 items=0 ppid=0 pid=9397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-69.fc12,catchall,vsftpd,ftpd_t,ftpd_t,capability,net_raw
audit2allow suggests:

#============= ftpd_t ==============
allow ftpd_t self:capability net_raw;
Comment 1 Miroslav Grepl 2010-01-27 12:47:37 UTC 

*** This bug has been marked as a duplicate of bug 547339 ***
Note You need to log in before you can comment on or make changes to this bug.