SELinux is denying an action that seems to be allowed in the policy. Any ideas on why this would be? I want to fix this with a local policy, but audit2allow just tells me to add the same allow rule that is already present according to sesearch.

Here are the audit messages:

host=eng-vocngcn03.eng.gci type=AVC msg=audit(1299790809.242:685639): avc: denied { rename } for pid=21701 comm="vsftpd" name=".local-110585184.jpg.3836" dev=dm-22 ino=13467775 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file

host=eng-vocngcn03.eng.gci type=SYSCALL msg=audit(1299790809.242:685639): arch=c000003e syscall=82 success=no exit=-13 a0=2aca78d2c2a0 a1=2aca78d2c300 a2=1 a3=312d6c61636f6c2f items=0 ppid=21697 pid=21701 auid=4294967295 uid=14 gid=100 euid=14 suid=14 fsuid=14 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0 key=(null)

Based on the AVC message, I put together the sesearch command below, and it shows that there is an allow rule:

#sesearch -a -t samba_share_t -s ftpd_t -c file -p rename
Found 1 av rules:
   allow ftpd_t samba_share_t : file { ioctl read write create getattr setattr lock append unlink link rename };

Thanks,
Maria

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
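
An added example, not part of the original message: a short Python script that rebuilds the sesearch query from the quoted AVC record and pairs the denial with the SYSCALL record that shares its audit event id. The function names are this example's own, and the sample records are the two from the message, trimmed to the fields used.

```python
import re
import shlex

# Constructed sample: the two records quoted in the message, trimmed to the fields used here.
RECORDS = [
    'type=AVC msg=audit(1299790809.242:685639): avc: denied { rename } for pid=21701 '
    'comm="vsftpd" name=".local-110585184.jpg.3836" dev=dm-22 ino=13467775 '
    'scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1299790809.242:685639): arch=c000003e syscall=82 success=no '
    'exit=-13 uid=14 gid=100 comm="vsftpd" exe="/usr/sbin/vsftpd" '
    'subj=system_u:system_r:ftpd_t:s0 key=(null)',
]

EVENT_ID = re.compile(r"audit\((\d+\.\d+:\d+)\)")      # timestamp:serial of the event
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")    # permission list inside { }

def parse_fields(record):
    """Return the key=value pairs of one audit record (quotes stripped)."""
    return dict(tok.split("=", 1) for tok in shlex.split(record) if "=" in tok)

def selinux_type(context):
    """The type is the third field of user:role:type[:level]."""
    return context.split(":")[2]

def denials(records):
    """Join each AVC denial to its SYSCALL record and build the sesearch query."""
    syscalls, out = {}, []
    parsed = [(EVENT_ID.search(r).group(1), parse_fields(r), r) for r in records]
    for event, f, _ in parsed:
        if f["type"] == "SYSCALL":
            syscalls[event] = f
    for event, f, raw in parsed:
        m = DENIED.search(raw)
        if f["type"] != "AVC" or not m:
            continue
        sc = syscalls.get(event, {})
        for perm in m.group(1).split():  # one query per denied permission
            out.append({
                "event": event, "perm": perm,
                "exe": sc.get("exe"), "exit": sc.get("exit"),
                "query": ["sesearch", "-a", "-t", selinux_type(f["tcontext"]),
                          "-s", selinux_type(f["scontext"]),
                          "-c", f["tclass"], "-p", perm],
            })
    return out

if __name__ == "__main__":
    for d in denials(RECORDS):
        print(d["event"], d["exe"], "exit", d["exit"], "->", " ".join(d["query"]))
```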