Vsftpd in a chrooted environement

Roger Grosswiler roger at gwch.net
Fri Aug 12 06:04:52 UTC 2005


i run vsftpd in a chrooted environement. Since yesterday, again in 
targeted mode. Loggin in, gives a 500 OOPS - Message

according to audit.log, the following is missing:

type=AVC msg=audit(1123825815.048:14086489): avc:  denied  { 
dac_override } for  pid=21576 comm="vsftpd" capability=1 
scontext=system_u:system_r:ftpd_t tcontext=system_u:system_r:ftpd_t 

i inserted in local.te the following (according to audit2allow)

allow ftpd_t self:capability { dac_override dac_read_search };

...and now it works. Can anybody check this for other securiy holes? Or 
did i just do an error in my config now? using the ftpd_home...-boolean, 
this did not help, nor did ftpd_disable_trans=1 (what was not my wish)

Thanks for your reply

More information about the fedora-selinux-list mailing list