Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 163091 - vsftpd can't read cert_t files/directories
Summary: vsftpd can't read cert_t files/directories
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-12 20:11 UTC by Bojan Smojver
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-15 11:55:02 UTC


Attachments (Terms of Use)

Description Bojan Smojver 2005-07-12 20:11:57 UTC
Description of problem:

This is a continuation of the cert_t problem, but instead of dovecot, the
culprit is now vsftpd. As an aside, I think I've seen bind do a similar thing at
one stage (with the policy file from July 9), but I'll have to fiddle with it to
verify...

Version-Release number of selected component (if applicable):
1.25.1-7

How reproducible:
Always.

Additional info:

Jul 12 17:51:23 beauty kernel: audit(1121154683.985:225): avc:  denied  { search
 } for  pid=26291 comm="vsftpd" name="pki" dev=dm-0 ino=481589 scontext=root:sys
tem_r:ftpd_t tcontext=system_u:object_r:cert_t tclass=dir
Jul 12 17:51:23 beauty kernel: audit(1121154683.989:226): avc:  denied  { search
 } for  pid=26291 comm="vsftpd" name="pki" dev=dm-0 ino=481589 scontext=root:sys
tem_r:ftpd_t tcontext=system_u:object_r:cert_t tclass=dir

Comment 1 Daniel Walsh 2005-07-14 15:28:34 UTC
selinux-policy-targeted-1.25.2-4

Comment 2 Bojan Smojver 2005-07-14 20:04:27 UTC
Where can I find that one? The testing repository goes up to -3.

Comment 3 Daniel Walsh 2005-07-14 20:31:02 UTC
It should be going out tonight.  You can grab a copy off of

ftp://people.redhat.com/dwalsh/SELinux/FC4


Comment 4 Bojan Smojver 2005-07-15 11:55:02 UTC
Looking good! I'll close for now.


Note You need to log in before you can comment on or make changes to this bug.