* Thomas Bleher <bleher(a)informatik.uni-muenchen.de> [2006-05-11 09:16]:
* Ketut Mahaindra <kmahaindra(a)axalto.com> [2006-05-11 07:19]:
> - I have the following AVC error messages:
> avc: denied { dac_override } for pid=9099 comm="vsftpd" capability=1
> scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> tclass=capability
> avc: denied { dac_read_search } for pid=9099 comm="vsftpd" capability=2
> scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0
> tclass=capability
This means that vsftpd can't access some files or directories because it
does not have DAC rights on them. Probably some home directory is mode
0700. Either you change the rights on the directory or you allow the
capabilities as discussed in this thread.

BTW: Is there some way to get more information out of the kernel about
which file is being accessed? This would be really helpful in debugging
why an application needs dac_override.
Thomas
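
An added example, not part of the original message: a small Python parser that reads the two denials quoted above and prints the policy rule that "allowing the capabilities" amounts to. The function names (`parse_avc`, `allow_rules`) are hypothetical, and the sample log is constructed from the quoted lines with each record joined onto one line.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials quoted in the message, one record per line.
SAMPLE_LOG = """\
avc: denied { dac_override } for pid=9099 comm="vsftpd" capability=1 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0 tclass=capability
avc: denied { dac_read_search } for pid=9099 comm="vsftpd" capability=2 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:ftpd_t:s0 tclass=capability
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the denial's fields as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def type_of(context):
    """Extract the type from a context of the form user:role:type[:level]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return parts[2]


def allow_rules(log_text):
    """Group denials by (source, target, class) and emit one allow rule per group."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # skip unrelated or truncated records
        src, tgt = type_of(rec["scontext"]), type_of(rec["tcontext"])
        if src == tgt:
            tgt = "self"  # a domain's own capabilities are granted on "self"
        grouped[(src, tgt, rec["tclass"])].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

The resulting rule applies to every file the `ftpd_t` domain touches, whereas changing the directory mode affects only that directory.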