Bug 698043 - SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).
Summary: SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.8
Hardware: x86_64
OS: Linux
medium
low
Target Milestone: rc
: ---
Assignee: Miroslav Grepl
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-04-20 02:55 UTC by Thomas Harold
Modified: 2012-09-24 13:46 UTC (History)

Fixed In Version: selinux-policy-2.4.6-306.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-21 09:20:04 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2011:1069 | 0 | normal | SHIPPED_LIVE | selinux-policy bug fix and enhancement update | 2011-07-21 09:18:27 UTC

Description Thomas Harold 2011-04-20 02:55:06 UTC
Description of problem:

From: /var/log/messages after "service vsftpd restart"

setroubleshoot: SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t). For complete SELinux messages. run sealert -l cea35029-4b31-4545-911f-03edaa2e90c2

# sealert -l cea35029-4b31-4545-911f-03edaa2e90c2

Summary:

SELinux is preventing vsftpd (ftpd_t) "kill" to <Unknown> (ftpd_t).

Detailed Description:

SELinux denied access requested by vsftpd. It is not expected that this access
is required by vsftpd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:system_r:ftpd_t
Target Context                user_u:system_r:ftpd_t
Target Objects                None [ capability ]
Source                        vsftpd
Source Path                   <Unknown>
Port                          <Unknown>
Host                          lfvsfcp10116
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-2.4.6-300.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     lfvsfcp10116
Platform                      Linux lfvsfcp10116 2.6.18-238.9.1.el5 #1 SMP Fri
                              Mar 18 12:42:39 EDT 2011 x86_64 x86_64
Alert Count                   3
First Seen                    Tue Apr 19 21:06:14 2011
Last Seen                     Tue Apr 19 22:31:14 2011
Local ID                      cea35029-4b31-4545-911f-03edaa2e90c2
Line Numbers                  

Raw Audit Messages            

host=lfvsfcp10116 type=AVC msg=audit(1303266674.916:5101): avc:  denied  { kill } for  pid=31657 comm="vsftpd" capability=5 scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:system_r:ftpd_t:s0 tclass=capability

Version-Release number of selected component (if applicable):

libselinux.x86_64                         1.33.4-5.7.el5               installed
selinux-policy.noarch                     2.4.6-300.el5                installed
selinux-policy-devel.noarch               2.4.6-300.el5                installed
selinux-policy-targeted.noarch            2.4.6-300.el5                installed
setroubleshoot.noarch                     2.0.5-5.el5                  installed
setroubleshoot-plugins.noarch             2.0.4-2.el5                  installed
setroubleshoot-server.noarch              2.0.5-5.el5                  installed
vsftpd.x86_64                             2.0.5-16.el5_6.1             installed

How reproducible:

Happens every time that the vsftpd service is restarted with SELinux in enforcing/targeted.

Steps to Reproduce:
1. # service vsftpd restart
2. look in /var/log/messages for a setroubleshoot message
3.
  
Actual results:


Expected results:


Additional info:
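
Added example, not part of the original report and not the selinux-policy fix itself: a Python parser that takes the raw AVC record quoted above, cross-checks the numeric capability=5 field against the denied permission, and renders the rule a local policy module would grant so it can be reviewed before anything is loaded. The function names and the capability table excerpt (numbers 0-7 from linux/capability.h) are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# The raw AVC record quoted in the report above.
SAMPLE = (
    'host=lfvsfcp10116 type=AVC msg=audit(1303266674.916:5101): avc:  denied  '
    '{ kill } for  pid=31657 comm="vsftpd" capability=5 '
    'scontext=user_u:system_r:ftpd_t:s0 tcontext=user_u:system_r:ftpd_t:s0 '
    'tclass=capability'
)

# Capability numbers 0-7 from linux/capability.h, as SELinux permission names.
CAP_NAMES = ["chown", "dac_override", "dac_read_search", "fowner",
             "fsetid", "kill", "setgid", "setuid"]

AVC_RE = re.compile(
    r"msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\):\s+avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)


def parse_avc(line):
    """Split one AVC denial into the fields needed for triage."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC denial record")
    kv = dict(f.split("=", 1) for f in m.group("rest").split() if "=" in f)
    rec = {
        "when_utc": datetime.fromtimestamp(int(m.group("epoch")), timezone.utc),
        "perms": m.group("perms").split(),
        "comm": kv.get("comm", "").strip('"'),
        "source_type": kv["scontext"].split(":")[2],  # user:role:type[:level]
        "target_type": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }
    # For tclass=capability the numeric field must agree with the permission.
    if "capability" in kv:
        num = int(kv["capability"])
        rec["cap_name"] = CAP_NAMES[num] if num < len(CAP_NAMES) else None
        rec["cap_consistent"] = rec["cap_name"] in rec["perms"]
    return rec


def candidate_rule(rec):
    """Render the rule a reviewer would be approving; 'self' when types match."""
    target = "self" if rec["source_type"] == rec["target_type"] else rec["target_type"]
    perms = rec["perms"][0] if len(rec["perms"]) == 1 else "{ " + " ".join(rec["perms"]) + " }"
    return f"allow {rec['source_type']} {target}:{rec['tclass']} {perms};"


if __name__ == "__main__":
    r = parse_avc(SAMPLE)
    print(r["when_utc"].isoformat(), r["comm"], candidate_rule(r))
```

The decoded audit timestamp is 02:31:14 UTC on 2011-04-20, which lines up with the "Last Seen" value of 22:31:14 on Apr 19 on a host reporting EDT. The rendered rule shows what would be allowed; the report does not say what the fixed policy package contains.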

Comment 2 Miroslav Grepl 2011-05-19 15:27:21 UTC
Fixed in selinux-policy-2.4.6-306.el5

Comment 5 errata-xmlrpc 2011-07-21 09:20:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html

Comment 6 errata-xmlrpc 2011-07-21 11:56:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1069.html

