On 3 October 2010 21:03, Dominick Grift <domg472@gmail.com> wrote:

On Sun, Oct 03, 2010 at 08:48:59PM +0100, Aaron Gray wrote:
> Hi,
>
> I had a fresh F11 server install, but with out VSFTPD, then I installed
> VSFTPD, but it is blocked by SELinux.
>
> I turn off enforcement and FTP runs fine.
>
> Is there some script or proceedure I can run to allow VSFTPD on F11 or do I
> have to do a reinstall of Fedora ?
>
> Many thanks in advance,

Can you enclose the AVC denials that you are seeying. With those you should be able to fix any issues. AVC denials are (usually) logged to /var/log/audit/audit.log and can easily be listed with ausearch command.

First initial syscall :-

time->Sun Oct 3 21:12:24 2010

type=SYSCALL msg=audit(1286136744.107:21351): arch=40000003 syscall=120 success=no exit=-1 a0=28000011 a1=0 a2=6f4334 a3=6f4334 items=0 ppid=1 pid=1903 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0 key=(null)

type=AVC msg=audit(1286136744.107:21351): avc: denied { sys_admin } for pid=1903 comm="vsftpd" capability=21 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability

For example to list AVC denials that occured today: ausearch -m avc -ts today.

Yes but there will be a complex of activity after this and I would really like a proper instillation script to do the job rather than doing it piecemeal.

By the way, it is strongly encourage that you start planning for an operating system upgrade as Fedora 11 will reach end of life soon (if it is not EOL already). This means that you wont receive any security updates for the unsupported operating system anymore.

Yes I realize this but installing F13 had too many bugs on my old servers, so I went back to F11 for a while till F14 is out.

Thanks,

Aaron