View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015946 | CentOS-7 | selinux-policy | public | 2019-03-22 19:44 | 2019-03-22 19:44 |
Reporter | Nigel Aves | ||||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
Platform | OS | OS Version | 7 | ||
Product Version | |||||
Target Version | Fixed in Version | ||||
Summary | 0015946: SELinux is preventing proftpd from 'getattr' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6. | ||||
Description | Description of problem: New system setup SELinux is preventing proftpd from 'getattr' accesses on the file /proc/sys/net/ipv6/conf/all/disable_ipv6. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that proftpd should be allowed getattr access on the disable_ipv6 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'proftpd' --raw | audit2allow -M my-proftpd # semodule -i my-proftpd.pp Additional Information: Source Context system_u:system_r:ftpd_t:s0-s0:c0.c1023 Target Context system_u:object_r:sysctl_net_t:s0 Target Objects /proc/sys/net/ipv6/conf/all/disable_ipv6 [ file ] Source proftpd Source Path proftpd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.9.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 5.0.3-1.el7.elrepo.x86_64 #1 SMP Tue Mar 19 09:51:25 EDT 2019 x86_64 x86_64 Alert Count 1 First Seen 2019-03-22 12:37:23 MDT Last Seen 2019-03-22 12:37:23 MDT Local ID ca53fa4f-2305-4d75-9ece-73e1bfb489d4 Raw Audit Messages type=AVC msg=audit(1553279843.781:135): avc: denied { getattr } for pid=6963 comm="proftpd" path="/proc/sys/net/ipv6/conf/all/disable_ipv6" dev="proc" ino=2224 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file permissive=1 Hash: proftpd,ftpd_t,sysctl_net_t,file,getattr Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.9.noarch | ||||
Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 5.0.3-1.el7.elrepo.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
Tags | No tags attached. | ||||
abrt_hash | 16e7e8563e0d5230f58cbbd7d270749115b47398876d0a0262d80d47451b7f2b | ||||
URL | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2019-03-22 19:44 | Nigel Aves | New Issue |