Hi Jason, For "vsftpd" service we have ftpd_t SELinux policy by default shipped in distribution SELinux policy on all currently supported Fedoras. To confirm that vsftpd is confined by SELinux you could execute: # ps -efZ | grep vsftpd system_u:system_r:ftpd_t:s0-s0:c0.c1023 root 1109 1 0 08:39 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 1112 919 0 08:39 pts/0 00:00:00 grep --color=auto vsftpd Please see that vsftpd with pid (in my case) 1109 is running under "system_u:system_r:ftpd_t:s0-s0:c0.c1023" where the important part is "ftpd_t". So this process is confined by SELinux and ftpd policy is used. I tried to start "vsftpd" on my Fedora 30 system and service started without any issue with SELinux in enforcing state. Could you please try to start vsftpd: # systemctl start vsftpd and then attach output of: # ausearch -m AVC -ts boot Thanks, Lukas. On 8/12/19 7:47 AM, Jason Long wrote: > Hello, > I installed "vsftpd" service, but by default SELinux blocked it. I > changed SELinux configuration by "setsebool -P ftpd_full_access 1", but > I guess its mean that SELinux can't protect my "vsftpd" service. How can > I use "vsftpd" service with SELinux enabled? > > Thanks. > > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx > -- Lukas Vrabec Senior Software Engineer, Security Technologies Red Hat, Inc.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx