View Issue Details

IDProjectCategoryView StatusLast Update
0015946CentOS-7selinux-policypublic2019-03-22 19:44
ReporterNigel Aves 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015946: SELinux is preventing proftpd from 'getattr' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6.
DescriptionDescription of problem:
New system setup
SELinux is preventing proftpd from 'getattr' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that proftpd should be allowed getattr access on the disable_ipv6 file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'proftpd' --raw | audit2allow -M my-proftpd
# semodule -i my-proftpd.pp

Additional Information:
Source Context system_u:system_r:ftpd_t:s0-s0:c0.c1023
Target Context system_u:object_r:sysctl_net_t:s0
Target Objects /proc/sys/net/ipv6/conf/all/disable_ipv6 [ file ]
Source proftpd
Source Path proftpd
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name (removed)
Platform Linux (removed) 5.0.3-1.el7.elrepo.x86_64 #1 SMP
                              Tue Mar 19 09:51:25 EDT 2019 x86_64 x86_64
Alert Count 1
First Seen 2019-03-22 12:37:23 MDT
Last Seen 2019-03-22 12:37:23 MDT
Local ID ca53fa4f-2305-4d75-9ece-73e1bfb489d4

Raw Audit Messages
type=AVC msg=audit(1553279843.781:135): avc: denied { getattr } for pid=6963 comm="proftpd" path="/proc/sys/net/ipv6/conf/all/disable_ipv6" dev="proc" ino=2224 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1


Hash: proftpd,ftpd_t,sysctl_net_t,file,getattr

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.9.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 5.0.3-1.el7.elrepo.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash16e7e8563e0d5230f58cbbd7d270749115b47398876d0a0262d80d47451b7f2b
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-03-22 19:44 Nigel Aves New Issue