
SELinux is denying ftpd access to a dir

When I run my ftpd as an xinetd service, and attempt to log in (unix-style), I get this from SELinux:

SELinux is preventing /usr/sbin/pure-ftpd (ftpd_t) "search" to net (proc_net_t).

Detailed Description
SELinux denied access requested by /usr/sbin/pure-ftpd. It is not expected that this access is required by /usr/sbin/pure-ftpd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for net, restorecon -v net If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.

Additional Information
Source Context                user_u:system_r:ftpd_t
Target Context                system_u:object_r:proc_net_t
Target Objects                net [ dir ]
Affected RPM Packages         pure-ftpd-1.0.21-12.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-8.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     d500.localdomain
Platform Linux d500.localdomain 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 i686
Alert Count                   12
First Seen                    Thu 30 Aug 2007 09:26:07 PM EDT
Last Seen                     Thu 06 Sep 2007 09:30:33 PM EDT
Local ID                      8958c16e-27eb-4d3f-ad5c-787c1a960769
Line Numbers

Raw Audit Messages
avc: denied { search } for comm="pure-ftpd" dev=proc egid=0 euid=0
exe="/usr/sbin/pure-ftpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="net"
pid=19097 scontext=user_u:system_r:ftpd_t:s0 sgid=0
subj=user_u:system_r:ftpd_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:proc_net_t:s0 tty=(none) uid=0

I tried to allow access; I saw that there is a directory 'net' in proc:
[root@d500 proc]# restorecon -v net
lstat(net) failed: Permission denied

Now what? Did I do this wrong, or do I need to create a 'local policy module'?
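
The raw audit message above carries everything a local policy module needs: source type, target type, object class and permission. As an added example (not part of the original post, and not the code of any SELinux tool), this Python parses AVC denials and emits the matching type-enforcement source; the module name `localftpd` is hypothetical and the sample line is the post's own audit record joined onto one line.

```python
import re
from collections import defaultdict

# The raw audit message from the post, joined onto one line.
SAMPLE_AVC = (
    'avc: denied { search } for comm="pure-ftpd" dev=proc egid=0 euid=0 '
    'exe="/usr/sbin/pure-ftpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="net" '
    'pid=19097 scontext=user_u:system_r:ftpd_t:s0 sgid=0 '
    'subj=user_u:system_r:ftpd_t:s0 suid=0 tclass=dir '
    'tcontext=system_u:object_r:proc_net_t:s0 tty=(none) uid=0'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    try:
        # A context is user:role:type[:level]; the type is the third field.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        return stype, ttype, fields["tclass"], frozenset(m.group(1).split())
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def build_module(lines, name="localftpd"):
    """Merge denials into .te source; 'localftpd' is a hypothetical module name."""
    rules, classes = defaultdict(set), defaultdict(set)
    for line in lines:
        parsed = parse_avc(line)
        if parsed:
            stype, ttype, tclass, perms = parsed
            rules[(stype, ttype, tclass)] |= perms  # one rule per (src, tgt, class)
            classes[tclass] |= perms                # permissions to declare in require
    types = sorted({x for s, t, _ in rules for x in (s, t)})
    out = [f"module {name} 1.0;", "", "require {"]
    out += [f"    type {t};" for t in types]
    out += [f"    class {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    for (s, t, c), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_txt = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {s} {t}:{c} {perm_txt};")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_module([SAMPLE_AVC]))
```

For the denial in the post this yields `allow ftpd_t proc_net_t:dir search;`, the same kind of rule `audit2allow` produces from the audit log. Read each generated allow rule before loading a module, since it grants the denied access to every process running in the source domain.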
