[CentOS] vsftpd and SElinux
Dirk H. Schulz
dirk.schulz at kinzesberg.de
Tue Dec 9 20:02:16 UTC 2008
I have configured vsftpd with virtual users for webserver users (that
means, a virtual users chrooted home is the document root of a virtual host
in apache). That works fine so far - as long as SElinux ist not enforcing.
I have tried to audit2allow out the problem, but did not succeed. Virtual
vsftpd users are denied access to directories: virtual users are mapped to
a system user with vsftpd; after login the vsftpd process changes into the
system users home directory, then into the virtual users chroot. And the
first step (changing into the system users home dir) is denied by SElinux.
But there is no "avc denial" in audit log any more - I have policied these
out completely. There seems to be a "dontaudit" denial working - which I
cannot make visible on CentOS since the -D flag is not available for
semodule (as it is in Fedora 9, e.g.).
So I am quite stuck here. Is there anything I can do to find the denial I
need to feed into audit2allow? Or some other way to make SElinux accept
Perhaps someone out there has already gone through this process.
Any hint or help is appreciated.
More information about the CentOS