Bug#: 93935
Status: RESOLVED
Resolution: FIXED
Assigned To: petre rodan (RETIRED) <kaiowas@gentoo.org>
Reporter: shimi <gentoo-bugzilla@shimi.net>


Description:   Opened: 2005-05-25 06:29 0000
I merged vsftpd and selinux-ftpd.

Need to note that /usr/sbin/vsftpd did not have the right context, I had to
change it to system_u:object_r:ftpd_exec_t for it to even start running.

Running /etc/init.d/vsftpd start yields the following in dmesg:
audit(1117019526.941:0): avc:  denied  { name_bind } for  pid=2591
exe=/usr/sbin/vsftpd src=21 scontext=system_u:system_r:ftpd_t
tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket

and vsftpd on console: 500 OOPS: could not bind listening IPv4 socket

After adding: allow ftpd_t ftp_port_t:tcp_socket name_bind;
to /etc/security/selinux/src/policy/domains/misc/local.te - and a make load -
all is well and connections to vsftpd are possible.

Reproducible: Always
Steps to Reproduce:
1. run with selinux in enforcing mode
2. emerge vsftpd selinux-ftpd
3. /etc/init.d/vsftpd start

Actual Results:  
500 OOPS: could not bind listening IPv4 socket

Expected Results:  
 * Starting vsftpd ...             [ ok ]


Portage 2.0.51.22-r1 (selinux/2004.1/amd64, gcc-3.4.3, glibc-2.3.4.20041102-r1,
2.6.11-hardened-r13 x86_64)
=================================================================
System uname: 2.6.11-hardened-r13 x86_64 AMD Opteron(tm) Processor 248
Gentoo Base System version 1.6.12
dev-lang/python:     2.3.5
sys-apps/sandbox:    1.2.8
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5
sys-devel/binutils:  2.15.92.0.2-r8
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="http://mirror.hamakor.org.il/pub/mirrors/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 apache2 berkdb calendar crypt emul-linux-x86 exif ftp gd geoip gif
gpm hardened iconv imagemagick innodb ipv6 jpeg libwww lm_sensors memlimit mmap
multilib mysql ncurses nls pam perl php pic png python readline selinux session
sqlite ssl tcpd tiff zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
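
Added example, not part of the original report or of the Gentoo policy tooling: a small Python parser that turns AVC denial lines like the one quoted above into candidate allow rules for review, which is how the local.te rule in the report follows from the dmesg output. The function names and the merging of permissions per source/target/class are assumptions of this sketch; the sample line is the denial from the report joined onto one line.

```python
import re

# AVC denial copied from the report above, joined onto a single line.
SAMPLE = ("audit(1117019526.941:0): avc:  denied  { name_bind } for  pid=2591 "
          "exe=/usr/sbin/vsftpd src=21 scontext=system_u:system_r:ftpd_t "
          "tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket")

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")


def context_type(context):
    """Return the type field of a user:role:type[:range] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]


def parse_avc(line):
    """Parse one AVC denial; return None for lines that are not denials."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    missing = {"scontext", "tcontext", "tclass"} - fields.keys()
    if missing:
        raise ValueError("incomplete AVC record, missing %s" % sorted(missing))
    return {"perms": m.group("perms").split(),
            "source_type": context_type(fields["scontext"]),
            "target_type": context_type(fields["tcontext"]),
            "tclass": fields["tclass"],
            "fields": fields}


def rules_from_log(text):
    """Merge denials per (source, target, class) into candidate allow rules."""
    grouped = {}
    for line in text.splitlines():
        denial = parse_avc(line)
        if denial:
            key = (denial["source_type"], denial["target_type"], denial["tclass"])
            grouped.setdefault(key, set()).update(denial["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ %s }" % " ".join(names)
        rules.append("allow %s %s:%s %s;" % (src, tgt, cls, perm_text))
    return rules


if __name__ == "__main__":
    print("\n".join(rules_from_log(SAMPLE)))
```

The output is a list of candidates to read before loading: each rule should match something the confined daemon is expected to do, as binding the FTP port is for ftpd_t here.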

------- Comment #1 From shimi 2005-05-25 06:32:30 0000 -------
Forgot to mention:
selinux-base-policy: 20050322
selinux-ftpd: 20050408

------- Comment #2 From petre rodan (RETIRED) 2005-05-25 11:51:44 0000 -------
fixed in selinux-ftpd-20050525
thanks for the bug report
