Re: [CentOS] vsftpd and SElinux
Thanks, Filipe, that has led me to exactly what I was looking for.

Dirk

--On 9 December 2008 17:18:30 -0500 Filipe Brandenburger [EMAIL PROTECTED] wrote:

> Hi,
>
> On Tue, Dec 9, 2008 at 15:02, Dirk H. Schulz [EMAIL PROTECTED] wrote:
>> I have configured vsftpd with virtual users for webserver users (that
>> means, a virtual user's chrooted home is the document root of a virtual
>> host in Apache). That works fine so far - as long as SELinux is not
>> enforcing.
>
> Look at man ftpd_selinux.
>
> HTH,
> Filipe

--
Dirk H. Schulz
IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--
Technology at its finest - and the necessary tuning
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] vsftpd and SElinux
Hi folks,

I have configured vsftpd with virtual users for webserver users (that means, a virtual user's chrooted home is the document root of a virtual host in Apache). That works fine so far - as long as SELinux is not enforcing.

I have tried to audit2allow out the problem, but did not succeed.

Virtual vsftpd users are denied access to directories: virtual users are mapped to a system user with vsftpd; after login the vsftpd process changes into the system user's home directory, then into the virtual user's chroot. And the first step (changing into the system user's home dir) is denied by SELinux.

But there is no avc denial in the audit log any more - I have policied these out completely. There seems to be a dontaudit denial working - which I cannot make visible on CentOS since the -D flag is not available for semodule (as it is in Fedora 9, e.g.).

So I am quite stuck here. Is there anything I can do to find the denial I need to feed into audit2allow? Or some other way to make SELinux accept vsftpd's access? Perhaps someone out there has already gone through this process.

Any hint or help is appreciated.

Dirk
Re: [CentOS] vsftpd and SElinux
Hi,

On Tue, Dec 9, 2008 at 15:02, Dirk H. Schulz [EMAIL PROTECTED] wrote:
> I have configured vsftpd with virtual users for webserver users (that
> means, a virtual user's chrooted home is the document root of a virtual
> host in Apache). That works fine so far - as long as SELinux is not
> enforcing.

Look at man ftpd_selinux.

HTH,
Filipe
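
Added example, not part of the thread and not code from any poster: a small Python triage of AVC denials for the `ftpd_t` domain, merging permissions per target type and printing each one in the allow-rule shape that audit2allow emits, so a denial can be checked against the `ftp_home_dir` boolean from `man ftpd_selinux` before a custom module is written. The log lines are constructed samples, and the mapping of home-directory types to that boolean is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the thread), in the usual AVC record layout.
SAMPLE_LOG = """\
type=AVC msg=audit(1228852950.101:411): avc:  denied  { search } for  pid=2345 comm="vsftpd" name="ftpsys" dev=dm-0 ino=98311 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1228852950.102:412): avc:  denied  { getattr } for  pid=2345 comm="vsftpd" path="/home/ftpsys" dev=dm-0 ino=98311 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1228852951.007:413): avc:  denied  { write } for  pid=2345 comm="vsftpd" name="htdocs" dev=dm-0 ino=65540 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1228852952.300:414): avc:  denied  { read } for  pid=2101 comm="httpd" name="x" dev=dm-0 ino=7 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1228852952.300:414): arch=40000003 syscall=5 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

# Assumption of this example: target types covered by the ftp_home_dir boolean.
HOME_TYPES = {"user_home_dir_t", "user_home_t"}

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def ftpd_denials(log_text, domain="ftpd_t"):
    """Merge denied permissions per (target type, class) for one source domain."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or ctx_type(m.group(2)) != domain:
            continue  # not an AVC denial, or raised by another domain
        merged[(ctx_type(m.group(3)), m.group(4))].update(m.group(1).split())
    return dict(merged)

def report(denials, domain="ftpd_t"):
    """Pair each merged denial, written as an allow rule, with a review hint."""
    out = []
    for (ttype, tclass), perms in sorted(denials.items()):
        rule = "allow %s %s:%s { %s };" % (
            domain, ttype, tclass, " ".join(sorted(perms)))
        hint = ("try the boolean first: setsebool -P ftp_home_dir 1"
                if ttype in HOME_TYPES
                else "no boolean matched here: check the label against man ftpd_selinux")
        out.append((rule, hint))
    return out

if __name__ == "__main__":
    for rule, hint in report(ftpd_denials(SAMPLE_LOG)):
        print(rule, "#", hint)
```

Denials suppressed by dontaudit rules, as described in the original question, never reach the log, so they will not show up in this output either.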