Gentoo Archives: gentoo-hardened

From: "James R. Marcus" <jmarcus@×××××××.net>
To: Chris PeBenito <pebenito@g.o>
Cc: gentoo-hardened@l.g.o
Subject: RE: [gentoo-hardened] vsftpd problems
Date: Wed, 18 Aug 2004 02:14:06
Message-Id: E6E16A6D4277CD459BBDE6713766033CA51110@exchange.mvalent.local
I forgot to mention I added this line to
/etc/security/selinux/src/policy/domains/program/ftpd.te

#Added to fix vsftpd problem
domain_auto_trans(initrc_t, ftpd_exec_t, ftpd_t) # <- Added this line only
ifdef(`ftpd_is_daemon', `
rw_dir_create_file(ftpd_t, var_lock_t)
allow ftpd_t ftp_port_t:tcp_socket name_bind;
can_tcp_connect(userdomain, ftpd_t)
', `

This message occurred after I had tried everything Timothy Wood had
recommended. I have been restarting vsftpd this way: run_init
/etc/init.d/vsftpd restart. Timothy has asked me to compile a standard
Linux kernel and boot it and see if vsftpd works.

What do you think?


Thanks,
James

-----Original Message-----
From: Chris PeBenito [mailto:pebenito@g.o]
Sent: Tuesday, August 17, 2004 8:14 PM
To: James R. Marcus
Cc: gentoo-hardened@l.g.o
Subject: RE: [gentoo-hardened] vsftpd problems

On Tue, 2004-08-17 at 13:02, James R. Marcus wrote:
> I have been working with the gentlemen on the SELinux list to resolve my
> issue with vsftpd.

> ftp program # ls -Z /usr/sbin/vsftpd
> -rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd
> ftp program #

> /var/log/messages:
> Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483
> exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973
> scontext=root:staff_r:staff_t tcontext=system_u:object_r:unlabeled_t tclass=file

Did this denial message happen after you verified that it's ftpd_exec_t,
then restarted it? It is inconsistent.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

--
gentoo-hardened@g.o mailing list
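
Added example, not part of the original thread: a small Python check for the inconsistency raised above, comparing the tcontext recorded in an avc denial with the label that ls -Z reports for the same path. The sample lines are constructed from the excerpts quoted in the thread (with the wrapped tcontext rejoined), and the function names are hypothetical.

```python
import re

# Constructed sample input, reassembled from the excerpts quoted in the thread.
AVC_LINE = ("Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 "
            "exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973 "
            "scontext=root:staff_r:staff_t "
            "tcontext=system_u:object_r:unlabeled_t tclass=file")
LS_Z_LINE = "-rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd"

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Return a dict of the key=value fields in one 'avc: denied' line, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    fields["perms"] = m.group("perms").split()
    return fields


def parse_ls_z(line):
    """Return (path, context) from one 'ls -Z' line in the layout shown in the thread."""
    mode, user, group, context, path = line.split()[:5]
    return path, context


def label_mismatches(avc_lines, ls_z_lines):
    """List (path, logged tcontext, on-disk label) where the two disagree."""
    on_disk = dict(parse_ls_z(l) for l in ls_z_lines if l.strip())
    found = []
    for line in avc_lines:
        avc = parse_avc(line)
        if not avc or avc.get("tclass") != "file":
            continue
        path = avc.get("path")
        if path in on_disk and on_disk[path] != avc["tcontext"]:
            found.append((path, avc["tcontext"], on_disk[path]))
    return found


if __name__ == "__main__":
    for path, logged, disk in label_mismatches([AVC_LINE], [LS_Z_LINE]):
        print(f"{path}: denial logged against {logged}, ls -Z shows {disk}")
```

A mismatch like this one means the denial was recorded while the file carried a different label than the one now on disk, so the timestamp of the denial should be compared with when the file was relabeled and the service restarted.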