> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx]
> Sent: Wednesday, September 21, 2005 2:34 PM
> To: Tomas Larsson
> Cc: fedora-selinux-list@xxxxxxxxxx
> Subject: Re: Selinux an vsftp
>
>
> Tomas Larsson wrote:
>
> >I am getting 500 OOPS: failed to open xferlog log
> >file:/var/log/vsftpd.log, so I'm guessing that it's something wrong in
> >the selinux-setup
> >
> >ls -Z looks like this
> >-rw-r--r-- root root system_u:object_r:var_log_t vsftpd.log
> >
> >And in audit log
> >
> >type=AVC msg=audit(1127260722.483:14084097): avc: denied { append } for pid=622 comm="vsftpd" name="vsftpd.log" dev=dm-0 ino=1143798 scontext=system_u:system_r:ftpd_t tcontext=system_u:object_r:var_log_t tclass=file
> >
> >I'm guessing that I've got something wrong, but can't find what to do
> >
> >With best regards
> >
> >Tomas Larsson
> >Sweden
> >
> >Verus Amicus Est Tamquam Alter Idem
> >
> >
> >--
> >fedora-selinux-list mailing list
> >fedora-selinux-list@xxxxxxxxxx
> >https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >
> Looks like a bug in file context.
>
> chcon -t xferlog_t /var/log/vsftpd.log
> should fix it.
>
> I will update policy
>
> --

I've got that one sorted, deleted the logfile and restarted vsftpd.

Now got other problems:
Need anonymous ftp, configured ftpd correctly (I think).
Created a user "ftpuser" for anonymous ftp
in /var ls -Z looks like this:
drwxrwsrwx ftpuser ftpuser system_u:object_r:ftpd_anon_t ftp
In ftp I have
drwxrwsrwx ftpuser ftpuser system_u:object_r:ftpd_anon_t pub

And get 553 errors,
TYPE I
200 Switching to Binary mode.
PORT 192,168,0,2,6,45
200 PORT command successful. Consider using PASV.
STOR 465_v6.pdf
553 Could not create file.
Transfer request completed with status: Failed, 1 SubItem(s) failed

The audit log looks like this

type=AVC msg=audit(1127307868.846:713105): avc: denied { write } for pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir
type=SYSCALL msg=audit(1127307868.846:713105): arch=40000003 syscall=5 success=no exit=-13 a0=96b08c0 a1=84c1 a2=1b6 a3=84c1 items=1 pid=9357 auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500 fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1127307868.846:713105): cwd="/"
type=PATH msg=audit(1127307868.846:713105): item=0 name="465_v6.pdf" flags=310 inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127307868.880:713157): avc: denied { getattr } for pid=9357 comm="vsftpd" name="pub" dev=dm-0 ino=1143638 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_rw_t tclass=dir
type=SYSCALL msg=audit(1127307868.880:713157): arch=40000003 syscall=196 success=no exit=-13 a0=96b0aa0 a1=96b0ab0 a2=66cff4 a3=cc1eec items=1 pid=9357 auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500 fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=AVC_PATH msg=audit(1127307868.880:713157): path="/pub"
type=CWD msg=audit(1127307868.880:713157): cwd="/"
type=PATH msg=audit(1127307868.880:713157): item=0 name="pub" flags=0 inode=1143638 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127308017.113:730070): avc: denied { write } for pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir
type=SYSCALL msg=audit(1127308017.113:730070): arch=40000003 syscall=5 success=no exit=-13 a0=96b08c0 a1=84c1 a2=1b6 a3=84c1 items=1 pid=9357 auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500 fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1127308017.113:730070): cwd="/"
type=PATH msg=audit(1127308017.113:730070): item=0 name="465_v6.pdf" flags=310 inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00

With best regards

Tomas Larsson
Sweden

Verus Amicus Est Tamquam Alter Idem

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
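
An added example, not part of the thread: one way to reduce an audit log like the one quoted above to the distinct SELinux denials it contains, grouping records by audit event id so each AVC can be read next to its PATH record. The function names are illustrative, and the sample input is the AVC and PATH records copied from the message.

```python
import re
from collections import Counter, defaultdict

# Sample input: AVC and PATH records copied from the audit log in the message above.
SAMPLE = """\
type=AVC msg=audit(1127307868.846:713105): avc: denied { write } for pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir
type=PATH msg=audit(1127307868.846:713105): item=0 name="465_v6.pdf" flags=310 inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127307868.880:713157): avc: denied { getattr } for pid=9357 comm="vsftpd" name="pub" dev=dm-0 ino=1143638 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_rw_t tclass=dir
type=PATH msg=audit(1127307868.880:713157): item=0 name="pub" flags=0 inode=1143638 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127308017.113:730070): avc: denied { write } for pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637 scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t tclass=dir
"""

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Group records that share one audit event id: {event_id: {type: [fields]}}."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        denied = PERMS.search(body)
        if denied:
            fields["perms"] = denied.group(1).split()
        events[event_id][rtype].append(fields)
    return events


def summarize_denials(text):
    """Count denials per (source type, permission, target type, object class)."""
    counts = Counter()
    for records in parse_events(text).values():
        for avc in records.get("AVC", []):
            src = avc["scontext"].split(":")[2]  # user:role:type[:level]
            tgt = avc["tcontext"].split(":")[2]
            for perm in avc.get("perms", []):
                counts[(src, perm, tgt, avc["tclass"])] += 1
    return counts


if __name__ == "__main__":
    for (src, perm, tgt, cls), n in summarize_denials(SAMPLE).items():
        print(f"{n}x {src} denied {perm} on {tgt}:{cls}")
```
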