On Apr 2, 2012, at 11:43 AM, Daniel J Walsh wrote:
> On 04/02/2012 10:42 AM, Maria Iano wrote:
>> I'm confused about a situation where I'm getting denied avc messages even
>> though there is an allow rule in place. What am I missing?
>>
>> This is on RHEL 5.8 using the targeted policy. Here's an example. I have
>> this avc message from this morning:
>>
>> type=AVC msg=audit(1333372681.227:20002): avc: denied { append } for
>> pid=3480 comm="vsftpd"
>> path="/LTS/eng-ng/snip/2012/03/20/ STORY_Letters_for_Sun._3-4_1_66_610389Z/ IMG_Cartoon_for_3-4.jpg_1_1_8F1363GR/ IMG_Cartoon_for_3-4.jpg_1_1_8F1363GR.xml"
>> dev=dm-8 ino=227640612 scontext=system_u:system_r:ftpd_t:s0
>> tcontext=system_u:object_r:public_content_t:s0 tclass=file
>>
>> but when I do sesearch it shows a matching allow rule:
>>
>> # sesearch -s ftpd_t -t public_content_t -c file -p append -a
>> Found 1 avrules:
>>    allow ftpd_t public_content_t : file { ioctl read write create getattr setattr lock append unlink link rename };
>>
>> Found 5 role allow rules:
>>    allow system_r sysadm_r ;
>>    allow user_r sysadm_r ;
>>    allow user_r system_r ;
>>    allow sysadm_r user_r ;
>>    allow sysadm_r system_r;
>>
>> Thanks for any help you can give,
>> Maria
>> --
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> If you want to make this work, you should label the content as
> public_content_rw_t and then turn on allow_ftpd_anon_write boolean.
>
> man ftpd_selinux /SHARING

Thank you and will do!
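
The follow-up checks implied by this thread, as an added example that is not part of the original messages: it parses an AVC record into the matching sesearch query (adding sesearch's -C option, which prints any boolean condition attached to a rule) and prints the relabel and boolean commands from the reply. The shortened sample path, the function names, and relabelling the whole /LTS tree are assumptions.

```shell
#!/bin/sh
# Added example: turn an AVC denial into the policy query and the fix plan.
# Constructed sample: the denial from this thread with the path shortened.
SAMPLE_AVC='type=AVC msg=audit(1333372681.227:20002): avc: denied { append } for pid=3480 comm="vsftpd" path="/LTS/example.xml" dev=dm-8 ino=227640612 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:public_content_t:s0 tclass=file'

# Print the value of one key=value field of an AVC record.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Print the type, i.e. the third colon-separated part of a context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the first denied permission listed between the braces.
avc_perm() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([a-z_]*\).*/\1/p'
}

# Build the sesearch query for the denial. -C shows the boolean
# condition on a rule, which the plain -a output does not include.
sesearch_cmd() {
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    cls=$(avc_field "$1" tclass)
    printf 'sesearch -a -C -s %s -t %s -c %s -p %s\n' \
        "$src" "$tgt" "$cls" "$(avc_perm "$1")"
}

# Print (do not run) the steps from the reply: label the upload tree
# public_content_rw_t, relabel it, then enable the boolean persistently.
# $1 is the directory to relabel (assumed here to be the whole tree).
fix_plan() {
    printf 'semanage fcontext -a -t public_content_rw_t "%s(/.*)?"\n' "$1"
    printf 'restorecon -R %s\n' "$1"
    printf 'setsebool -P allow_ftpd_anon_write on\n'
}

sesearch_cmd "$SAMPLE_AVC"
fix_plan /LTS
```

Review the printed commands before running them as root; `getsebool allow_ftpd_anon_write` confirms the boolean's state afterwards.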