Description of problem: to enable anonymous uploads, the man ftpd_selinux says to update the file says to update the file context database, and then run restorecon. If run as suggested, the restorecon command will not set the type to "public_content_rw_t" because the "/var/ftp/incoming" directory already has a customizable type. Steps to Reproduce: 1. Install vsftpd 2. Edit vsftpd.conf to enable anonymous uploads 3. mkdir /var/ftp/incoming 4. read and follow the ftpd_selinux man page (set a boolean, semanage fcontext, restorecon) Actual results: /var/ftp/incoming remain "public_content_t" Expected results: /var/ftp/incoming should be "public_content_rw_t" The fix: add the "-F" option to restorecon in ftpd_selinux man page to force it to set to public_content_rw_t.
Fixed in selinux-policy-2.4.6-283.el5.noarch
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: The ftpd_selinux manual page describes how to allow FTP servers to read from and write to the /var/ftp/incoming/ directory. However, these instructions contained an error, and running the restorecon command with the recommended command line options did not produce the expected results. With this update, the manual page has been corrected, and no longer contains misleading information.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0026.html