On Fri, 2013-11-15 at 07:10 -0400, Jorge Fábregas wrote: > On 11/14/2013 05:52 PM, Miroslav Grepl wrote: > > What raw AVC msgs are you getting? > > > > What OS? > > Hi, > > As sson as I enter the password I get this in /var/log/secure: > > Nov 15 06:57:34 sftphd sshd[11179]: fatal: safely_chroot: > stat("/var/ftp/"): Permission denied > > The home directory for the user is /var/ftp/pub (that's where it gets > jailed in) and it is public_content_t as well. It says that its not allowed to stat /var/ftp: ls -dZ /var/ftp But as a aside, if you want to chroot users to a non user home dir then you might want to add that dir to the exclude dirs in semanage.conf because else you might get into issues when policy is rebuilt and you run restorecon on that location because genhomedircon would treat that dir as a user home dir and add fc specs for it I think the ssh chroot functionality is BS I created a screencast and put it you youtube in which i demonstrate how to use SELinux to confine users with a need for chroots: https://www.youtube.com/watch?v=3QYqA19dqbk -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux