View Issue Details

IDProjectCategoryView StatusLast Update
0015129CentOS-7selinux-policypublic2018-08-01 23:33
Reporterdracobuild 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015129: SELinux is preventing vsftpd from 'getattr' accesses on the file /home/student/abc.
DescriptionDescription of problem:
During configuration after the install of vsftpd server. SELinux issue with file located in home directory.

Settings changed from default in vsftpd.conf below:
anonymous_enable=NO
local_enable=YES
write_enable=NO
SELinux is preventing vsftpd from 'getattr' accesses on the file /home/student/abc.

***** Plugin catchall_boolean (89.3 confidence) suggests ******************

If you want to allow ftpd to full access
Then you must tell SELinux about this by enabling the 'ftpd_full_access' boolean.

Do
setsebool -P ftpd_full_access 1

***** Plugin catchall (11.6 confidence) suggests **************************

If you believe that vsftpd should be allowed getattr access on the abc file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'vsftpd' --raw | audit2allow -M my-vsftpd
# semodule -i my-vsftpd.pp

Additional Information:
Source Context system_u:system_r:ftpd_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:mozilla_home_t:s0
Target Objects /home/student/abc [ file ]
Source vsftpd
Source Path vsftpd
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.4.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.9.1.el7.x86_64 #1 SMP
                              Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64
Alert Count 1
First Seen 2018-08-01 16:13:04 MST
Last Seen 2018-08-01 16:13:04 MST
Local ID 31efbfb8-d1e1-416b-9720-1c826ebcc769

Raw Audit Messages
type=AVC msg=audit(1533165184.792:316): avc: denied { getattr } for pid=6855 comm="vsftpd" path="/home/student/abc" dev="dm-2" ino=1825 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mozilla_home_t:s0 tclass=file


Hash: vsftpd,ftpd_t,mozilla_home_t,file,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-192.el7_5.4.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.9.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash407386c89aa9f43699da444039b79b755ea5d3dee4feb1be864f9b5deb839a82
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-08-01 23:33 dracobuild New Issue