Hi folks, I have configured vsftpd with virtual users for webserver users (that means, a virtual users chrooted home is the document root of a virtual host in apache). That works fine so far - as long as SElinux ist not enforcing. I have tried to audit2allow out the problem, but did not succeed. Virtual vsftpd users are denied access to directories: virtual users are mapped to a system user with vsftpd; after login the vsftpd process changes into the system users home directory, then into the virtual users chroot. And the first step (changing into the system users home dir) is denied by SElinux. But there is no "avc denial" in audit log any more - I have policied these out completely. There seems to be a "dontaudit" denial working - which I cannot make visible on CentOS since the -D flag is not available for semodule (as it is in Fedora 9, e.g.). So I am quite stuck here. Is there anything I can do to find the denial I need to feed into audit2allow? Or some other way to make SElinux accept vsftpds access? Perhaps someone out there has already gone through this process. Any hint or help is appreciated. Dirk