F16/proftpd/systemd

Paul Howarth paul at city-fan.org
Mon Dec 5 16:39:52 UTC 2011


I have these AVCs when logging in to proftpd on F16 using PAM/sssd with 
an LDAP backend:

type=AVC msg=audit(1323102469.514:6174): avc:  denied  { search } for 
pid=30199 comm="systemd-logind" name="3503" dev=proc ino=80549480 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=dir

type=AVC msg=audit(1323102469.514:6174): avc:  denied  { read } for 
pid=30199 comm="systemd-logind" name="sessionid" dev=proc ino=80550003 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=AVC msg=audit(1323102469.514:6174): avc:  denied  { open } for 
pid=30199 comm="systemd-logind" name="sessionid" dev=proc ino=80550003 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=SYSCALL msg=audit(1323102469.514:6174): arch=c000003e syscall=2 
success=yes exit=11 a0=15d3f00 a1=80000 a2=1b6 a3=39 items=0 ppid=1 
pid=30199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" 
exe=2F6C69622F73797374656D642F73797374656D642D6C6F67696E64202864656C6574656429 
subj=system_u:system_r:systemd_logind_t:s0 key=(null)

type=AVC msg=audit(1323102469.515:6175): avc:  denied  { getattr } for 
pid=30199 comm="systemd-logind" path="/proc/3503/sessionid" dev=proc 
ino=80550003 scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=SYSCALL msg=audit(1323102469.515:6175): arch=c000003e syscall=5 
success=yes exit=0 a0=b a1=7fffe3b39190 a2=7fffe3b39190 a3=39 items=0 
ppid=1 pid=30199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" 
exe=2F6C69622F73797374656D642F73797374656D642D6C6F67696E64202864656C6574656429 
subj=system_u:system_r:systemd_logind_t:s0 key=(null)

type=AVC msg=audit(1323102564.051:6184): avc:  denied  { search } for 
pid=30199 comm="systemd-logind" name="3630" dev=proc ino=80551904 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=dir

type=AVC msg=audit(1323102564.051:6184): avc:  denied  { read } for 
pid=30199 comm="systemd-logind" name="sessionid" dev=proc ino=80551906 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=AVC msg=audit(1323102564.051:6184): avc:  denied  { open } for 
pid=30199 comm="systemd-logind" name="sessionid" dev=proc ino=80551906 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=SYSCALL msg=audit(1323102564.051:6184): arch=c000003e syscall=2 
success=yes exit=11 a0=15d3fd0 a1=80000 a2=1b6 a3=39 items=0 ppid=1 
pid=30199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" 
exe=2F6C69622F73797374656D642F73797374656D642D6C6F67696E64202864656C6574656429 
subj=system_u:system_r:systemd_logind_t:s0 key=(null)

type=AVC msg=audit(1323102564.051:6185): avc:  denied  { getattr } for 
pid=30199 comm="systemd-logind" path="/proc/3630/sessionid" dev=proc 
ino=80551906 scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=SYSCALL msg=audit(1323102564.051:6185): arch=c000003e syscall=5 
success=yes exit=0 a0=b a1=7fffe3b39190 a2=7fffe3b39190 a3=39 items=0 
ppid=1 pid=30199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind" 
exe=2F6C69622F73797374656D642F73797374656D642D6C6F67696E64202864656C6574656429 
subj=system_u:system_r:systemd_logind_t:s0 key=(null)

audit2allow -R suggests:

ftp_systemctl(systemd_logind_t)

Does that look reasonable? I looked at the interface in git but the 
comment text appears to have been copy-and-pasted from another interface 
without being edited.

Paul.
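Before accepting an audit2allow suggestion it helps to condense the raw records into one line per (source type, target type, object class) and to decode the hex-encoded fields, which is what the following Python script does. It is an added example, not part of Paul's post or of the SELinux reference policy; the embedded sample is a subset of the audit records quoted above, re-joined because the mail client wrapped each record over several lines. It relies on the standard auditd convention that string fields containing spaces or quotes are emitted as unquoted hex (so the `exe=` value above reads `/lib/systemd/systemd-logind (deleted)`, meaning the binary on disk had been replaced while the process kept running, which is worth knowing before deciding whether a policy change is really needed).

```python
"""Condense SELinux AVC denials from raw audit records (added example)."""
import re
from collections import defaultdict

# Subset of the audit records quoted in the post, wrapped as the mail was.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1323102469.514:6174): avc:  denied  { search } for
pid=30199 comm="systemd-logind" name="3503" dev=proc ino=80549480
scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=dir

type=AVC msg=audit(1323102469.514:6174): avc:  denied  { read } for
pid=30199 comm="systemd-logind" name="sessionid" dev=proc ino=80550003
scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=AVC msg=audit(1323102469.514:6174): avc:  denied  { open } for
pid=30199 comm="systemd-logind" name="sessionid" dev=proc ino=80550003
scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file

type=SYSCALL msg=audit(1323102469.514:6174): arch=c000003e syscall=2
success=yes exit=11 a0=15d3f00 a1=80000 a2=1b6 a3=39 items=0 ppid=1
pid=30199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-logind"
exe=2F6C69622F73797374656D642F73797374656D642D6C6F67696E64202864656C6574656429
subj=system_u:system_r:systemd_logind_t:s0 key=(null)

type=AVC msg=audit(1323102469.515:6175): avc:  denied  { getattr } for
pid=30199 comm="systemd-logind" path="/proc/3503/sessionid" dev=proc
ino=80550003 scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tclass=file
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')           # key=value or key="value"
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")
# auditd hex-encodes these string fields (unquoted) when they contain
# spaces or quotes; quoted values are never hex-encoded.
STRING_FIELDS = {"exe", "comm", "name", "path", "cwd", "key"}


def join_wrapped_records(text):
    """Re-join mail-wrapped records; every record starts with 'type='."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("type="):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records


def decode_hex_field(value):
    """Decode an unquoted hex-encoded audit string; leave anything else as-is."""
    if HEX_RE.match(value):
        return bytes.fromhex(value).decode("utf-8", "replace")
    return value


def parse_record(record):
    """Return the record's key=value fields plus AVC verdict and permissions."""
    fields = {}
    for key, raw in KV_RE.findall(record):
        if raw.startswith('"'):
            fields[key] = raw.strip('"')
        elif key in STRING_FIELDS:
            fields[key] = decode_hex_field(raw)
        else:
            fields[key] = raw
    m = AVC_RE.search(record)
    if m:
        fields["verdict"] = m.group(1)
        fields["perms"] = set(m.group(2).split())
    return fields


def context_type(ctx):
    """system_u:system_r:ftpd_t:s0-s0:c0.c1023 -> ftpd_t"""
    return ctx.split(":")[2]


def summarize_avcs(text):
    """Map (source type, target type, class) -> union of denied permissions."""
    summary = defaultdict(set)
    for rec in map(parse_record, join_wrapped_records(text)):
        if rec.get("type") == "AVC" and rec.get("verdict") == "denied":
            key = (context_type(rec["scontext"]),
                   context_type(rec["tcontext"]), rec["tclass"])
            summary[key] |= rec["perms"]
    return dict(summary)


def syscall_exes(text):
    """Decoded exe paths from SYSCALL records ('(deleted)' = binary replaced)."""
    return {rec["exe"] for rec in map(parse_record, join_wrapped_records(text))
            if rec.get("type") == "SYSCALL"}


if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize_avcs(SAMPLE_AUDIT).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("exe:", ", ".join(sorted(syscall_exes(SAMPLE_AUDIT))))
```

Run on the sample it reports `systemd_logind_t -> ftpd_t:dir { search }` and `systemd_logind_t -> ftpd_t:file { getattr open read }`, which is the access an interface such as the suggested `ftp_systemctl()` would have to grant; comparing that condensed list against what the interface actually allows is the check to make before adding it to a local module.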
