RE: Selinux an vsftp

> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh@xxxxxxxxxx] 
> Sent: Wednesday, September 21, 2005 2:34 PM
> To: Tomas Larsson
> Cc: fedora-selinux-list@xxxxxxxxxx
> Subject: Re: Selinux an vsftp
> 
> 
> Tomas Larsson wrote:
> 
> >I am getting 500 OOPS: failed to open xferlog log 
> >file:/var/log/vsftpd.log, so I'm gessing that its something wrong in 
> >the selinux-setup
> >
> >Ls -Z looks lime this
> >-rw-r--r--  root     root     system_u:object_r:var_log_t    
>   vsftpd.log
> >
> >And in audit log
> >
> >type=AVC msg=audit(1127260722.483:14084097): avc:  denied  { 
> append } 
> >for pid=622 comm="vsftpd" name="vsftpd.log" dev=dm-0 ino=1143798 
> >scontext=system_u:system_r:ftpd_t 
> tcontext=system_u:object_r:var_log_t
> >tclass=file
> >
> >I'm guessing that I've got something wrong, but cant find what to do
> >
> >With best regards
> >
> >Tomas Larsson
> >Sweden
> >
> >Verus Amicus Est Tamquam Alter Idem
> >
> >
> >--
> >fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx
> >https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >  
> >
> Looks like a bug in file context.
> 
> chcon -t xferlog_t /var/log/vsftpd.log
> should fix it.
> 
> I will update policy
> 
> -- 
I've got that one sorted, deleted the logfile and restarted vsftpd.

Now got other problems:

Need anonymous ftp, configured ftpd correct (I think).
Created a user "ftpuser" for anoymous ftp in /var
ls -Z looks like this:

drwxrwsrwx  ftpuser  ftpuser  system_u:object_r:ftpd_anon_t    ftp

In ftp I have
drwxrwsrwx  ftpuser  ftpuser  system_u:object_r:ftpd_anon_t    pub

And get 553 errors, 

TYPE I
200 Switching to Binary mode.
PORT 192,168,0,2,6,45
200 PORT command successful. Consider using PASV.
STOR 465_v6.pdf
553 Could not create file.
Transfer request completed with status: Failed, 1 SubItem(s) failed


The audit log look like this
type=AVC msg=audit(1127307868.846:713105): avc:  denied  { write } for
pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t
tclass=dir
type=SYSCALL msg=audit(1127307868.846:713105): arch=40000003 syscall=5
success=no exit=-13 a0=96b08c0 a1=84c1 a2=1b6 a3=84c1 items=1 pid=9357
auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500
fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1127307868.846:713105):  cwd="/"
type=PATH msg=audit(1127307868.846:713105): item=0 name="465_v6.pdf"
flags=310  inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127307868.880:713157): avc:  denied  { getattr } for
pid=9357 comm="vsftpd" name="pub" dev=dm-0 ino=1143638
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_rw_t
tclass=dir
type=SYSCALL msg=audit(1127307868.880:713157): arch=40000003 syscall=196
success=no exit=-13 a0=96b0aa0 a1=96b0ab0 a2=66cff4 a3=cc1eec items=1
pid=9357 auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500
sgid=500 fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=AVC_PATH msg=audit(1127307868.880:713157):  path="/pub"
type=CWD msg=audit(1127307868.880:713157):  cwd="/"
type=PATH msg=audit(1127307868.880:713157): item=0 name="pub" flags=0
inode=1143638 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00
type=AVC msg=audit(1127308017.113:730070): avc:  denied  { write } for
pid=9357 comm="vsftpd" name="ftp" dev=dm-0 ino=1143637
scontext=root:system_r:ftpd_t tcontext=system_u:object_r:ftpd_anon_t
tclass=dir
type=SYSCALL msg=audit(1127308017.113:730070): arch=40000003 syscall=5
success=no exit=-13 a0=96b08c0 a1=84c1 a2=1b6 a3=84c1 items=1 pid=9357
auid=0 uid=501 gid=500 euid=501 suid=501 fsuid=501 egid=500 sgid=500
fsgid=500 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=CWD msg=audit(1127308017.113:730070):  cwd="/"
type=PATH msg=audit(1127308017.113:730070): item=0 name="465_v6.pdf"
flags=310  inode=1143637 dev=fd:00 mode=042777 ouid=501 ogid=500 rdev=00:00


With best regards

Tomas Larsson
Sweden

Verus Amicus Est Tamquam Alter Idem