I noticed vsftpd starts running with UID 0 and MLS s0. When a user
logs in, a new process is spawned (forked) from vsftpd and the UID is
changed to match the user. The problem is that MLS stays at s0, so if
the user has a different MLS it will make everything fail. Starting
vsftpd with s0-s0:c0.c1023 would be an option, but would then bypass
per-user MLS security. So IMHO vsftpd should be patched to change its
security context when forking a new process.
You can reproduce the problem by running:
# semanage user -m -r s0-s0:c0.c1023 user_u
# groupadd testing
# useradd -m -g testing -Z user_u testing
# semanage login -m -r s0:c3 testing
# chcon -R -l s0:c3 /home/testing
# /etc/init.d/vsftpd start
open -u testing,password localhost
Daniel Walsh said at https://bugzilla.redhat.com/show_bug.cgi?id=518569
Let's bring this up for discussion on the SELinux list.
There are two possibilities here. One is to just change the level on the
vsftpd process to run at the appropriate level of the user. The second would
be to change the type, in order to run as a type appropriate for the user, i.e.
with different privs than the vsftpd server.
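A quick check for the mismatch the reproduction steps above exhibit, as an added example that is not part of the bug report or the list discussion: it compares the MLS level in a vsftpd child's context with the range `semanage login -l` assigns to the logged-in user. The process line and the login table below are constructed samples, not real output.

```shell
#!/bin/sh
# Added example: detect a vsftpd child whose MLS level does not match the
# range assigned to the user it runs as. Samples below are constructed.

# Level/range is everything after the third colon of a context string,
# e.g. system_u:system_r:ftpd_t:s0  ->  s0
context_level() {
    printf '%s\n' "$1" | cut -d: -f4-
}

# Range assigned to a login name, read from `semanage login -l` output on
# stdin. Columns: Login Name, SELinux User, MLS/MCS Range, Service.
login_range() {
    awk -v u="$1" '$1 == u { print $3; exit }'
}

# 0 if the process level is exactly the assigned range, 1 otherwise.
# (Exact string match; it does not evaluate MLS dominance.)
level_matches() {
    [ "$(context_level "$1")" = "$2" ]
}

# Constructed sample of one `ps -e -o label,pid,user,comm` line for the
# child serving the user "testing", and of the `semanage login -l` table.
SAMPLE_PS='system_u:system_r:ftpd_t:s0 1234 testing vsftpd'
SAMPLE_LOGINS='Login Name   SELinux User   MLS/MCS Range   Service
__default__  unconfined_u   s0-s0:c0.c1023  *
root         unconfined_u   s0-s0:c0.c1023  *
testing      user_u         s0:c3           *'

# Returns 0 when the sampled child runs at the user's range, 1 on mismatch.
check_sample() {
    ctx=$(printf '%s\n' "$SAMPLE_PS" | awk '{ print $1 }')
    user=$(printf '%s\n' "$SAMPLE_PS" | awk '{ print $3 }')
    range=$(printf '%s\n' "$SAMPLE_LOGINS" | login_range "$user")
    if level_matches "$ctx" "$range"; then
        echo "ok: $user process at $(context_level "$ctx")"
        return 0
    fi
    echo "mismatch: $user process at $(context_level "$ctx"), login range $range"
    return 1
}

# On a live system, feed real data instead of the samples:
#   ps -e -o label,pid,user,comm | awk '$4 == "vsftpd"'
#   semanage login -l
```

With the sample data the check reports a mismatch (child at s0, user assigned s0:c3), which is exactly the condition the bug report describes.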