Vsftpd in a chrooted environement
Roger Grosswiler
roger at gwch.net
Fri Aug 12 06:04:52 UTC 2005
Hi,
i run vsftpd in a chrooted environement. Since yesterday, again in
targeted mode. Loggin in, gives a 500 OOPS - Message
according to audit.log, the following is missing:
type=AVC msg=audit(1123825815.048:14086489): avc: denied {
dac_override } for pid=21576 comm="vsftpd" capability=1
scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t
tclass=capability
i inserted in local.te the following (according to audit2allow)
allow ftpd_t self:capability { dac_override dac_read_search };
...and now it works. Can anybody check this for other securiy holes? Or
did i just do an error in my config now? using the ftpd_home...-boolean,
this did not help, nor did ftpd_disable_trans=1 (what was not my wish)
Thanks for your reply
Roger
More information about the fedora-selinux-list
mailing list