Bug 155958 - vsftpd can't do anonymous upload
Summary: vsftpd can't do anonymous upload
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2005-04-26 06:10 UTC by han pingtian
Modified: 2007-11-30 22:11 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-04-26 12:39:44 UTC



Description han pingtian 2005-04-26 06:10:11 UTC
Description of problem:
When doing an anonymous upload with vsftpd, it always fails, and
/var/log/message contains this message:

kernel: audit(1114495188.214:0): avc:  denied  { write } for  pid=4661
exe=/usr/sbin/vsftpd name=pub dev=hda7 ino=587229
scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.12-4

How reproducible:
anonymous ftp with selinux-policy-targeted enabled


Comment 1 Daniel Walsh 2005-04-26 12:39:44 UTC
You need to set the upload directory to ftpd_anon_rw_t.

chcon -t ftpd_anon_rw_t /var/ftp/ftp/upload

man ftpd_selinux describes this.



Comment 2 han pingtian 2005-04-27 02:03:43 UTC
Thanks a lot.

Another question: when booting the machine, it reports this information:
.......
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
audit(1114592249.835:0): avc:  denied  { search } for  name=1 dev=proc ino=65538 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=475 dev=proc ino=31129602 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=486 dev=proc ino=31850498 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:initrc_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=543 dev=proc ino=35586050 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=546 dev=proc ino=35782658 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.837:0): avc:  denied  { search } for  name=559 dev=proc ino=36634626 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.837:0): avc:  denied  { search } for  name=564 dev=proc ino=36962306 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.837:0): avc:  denied  { search } for  name=569 dev=proc ino=37289986 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.838:0): avc:  denied  { search } for  name=575 dev=proc ino=37683202 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=576 dev=proc ino=37748738 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=578 dev=proc ino=37879810 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=595 dev=proc ino=38993922 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=639 dev=proc ino=41877506 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:initrc_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=647 dev=proc ino=42401794 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.862:0): avc:  denied  { search } for  name=649 dev=proc ino=42532866 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:hotplug_t tclass=dir

What's wrong?

Comment 3 Daniel Walsh 2005-04-27 12:02:46 UTC
You're using Rawhide :^)

Update to latest policy and a lot of these should be fixed.

Kernel_t needs to have unconfined privs.

Dan
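
How to read the AVC denials quoted in this thread, as an added example that is not part of the original bug report or of any SELinux tool: the script splits each record into permission, source type, target type and class, then counts repeats. The sample lines are copied from the comments above with the line wrapping removed; the function names are this example's own.

```python
import re
from collections import Counter

# AVC records copied from this bug report (one per line, wrapping removed).
SAMPLE = """\
kernel: audit(1114495188.214:0): avc:  denied  { write } for  pid=4661 exe=/usr/sbin/vsftpd name=pub dev=hda7 ino=587229 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir
audit(1114592249.835:0): avc:  denied  { search } for  name=1 dev=proc ino=65538 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=543 dev=proc ino=35586050 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
audit(1114592249.836:0): avc:  denied  { search } for  name=546 dev=proc ino=35782658 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:udev_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value
    # A context is user:role:type (an MLS range may follow); keep the type.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            counts[(rec["scontext_type"], rec["tcontext_type"],
                    rec.get("tclass"), perm)] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {src} -> {tgt}:{cls} {{ {perm} }}")
```

For the vsftpd record the summary shows ftpd_t denied write on a directory labelled ftpd_anon_t, the label that Comment 1 says to change to ftpd_anon_rw_t on the upload directory.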

