denying despite allow rule

Maria Iano maria at iano.org
Thu Mar 10 21:21:17 UTC 2011


SELinux is denying an action that seems to be allowed in the policy.
Any ideas on why this would be? I want to fix this with a local
policy, but audit2allow just tells me to add the same allow rule that
is already present according to sesearch.

Here are the audit messages:

host=eng-vocngcn03.eng.gci type=AVC msg=audit(1299790809.242:685639):  
avc: denied { rename } for pid=21701 comm="vsftpd"  
name=".local-110585184.jpg.3836" dev=dm-22 ino=13467775  
scontext=system_u:system_r:ftpd_t:s0  
tcontext=system_u:object_r:samba_share_t:s0 tclass=file

host=eng-vocngcn03.eng.gci type=SYSCALL  
msg=audit(1299790809.242:685639): arch=c000003e syscall=82 success=no  
exit=-13 a0=2aca78d2c2a0 a1=2aca78d2c300 a2=1 a3=312d6c61636f6c2f  
items=0 ppid=21697 pid=21701 auid=4294967295 uid=14 gid=100 euid=14  
suid=14 fsuid=14 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295  
comm="vsftpd" exe="/usr/sbin/vsftpd" subj=system_u:system_r:ftpd_t:s0  
key=(null)

Based on the AVC message I put together the sesearch command below,
and it shows that there is an allow rule:

#sesearch -a -t samba_share_t -s ftpd_t -c file -p rename
Found 1 av rules:
    allow ftpd_t samba_share_t : file { ioctl read write create  
getattr setattr lock append unlink link rename };

Thanks,
Maria
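The triage step in the post (read the AVC record, pull out the source type, target type, object class and permission, and turn them into a sesearch query, then check the matching SYSCALL record for the errno) is mechanical enough to script. The following is an added example, not code from the original post or from any SELinux tool; the two sample records are constructed copies of the audit lines quoted above with the mail line breaks rejoined, and the `sesearch` command it prints is only composed, not executed.

```python
import errno
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed copies of the two audit records quoted in the post (line breaks rejoined).
SAMPLE_AVC = (
    'host=eng-vocngcn03.eng.gci type=AVC msg=audit(1299790809.242:685639): '
    'avc: denied { rename } for pid=21701 comm="vsftpd" '
    'name=".local-110585184.jpg.3836" dev=dm-22 ino=13467775 '
    'scontext=system_u:system_r:ftpd_t:s0 '
    'tcontext=system_u:object_r:samba_share_t:s0 tclass=file'
)
SAMPLE_SYSCALL = (
    'host=eng-vocngcn03.eng.gci type=SYSCALL msg=audit(1299790809.242:685639): '
    'arch=c000003e syscall=82 success=no exit=-13 a0=2aca78d2c2a0 a1=2aca78d2c300 '
    'a2=1 a3=312d6c61636f6c2f items=0 ppid=21697 pid=21701 auid=4294967295 uid=14 '
    'gid=100 euid=14 suid=14 fsuid=14 egid=100 sgid=100 fsgid=100 tty=(none) '
    'ses=4294967295 comm="vsftpd" exe="/usr/sbin/vsftpd" '
    'subj=system_u:system_r:ftpd_t:s0 key=(null)'
)

# key=value pairs; values are either double-quoted or a run of non-blank characters
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# the decision and the permission set from an AVC record: avc: denied { rename }
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]+?)\s*\}')


@dataclass
class Denial:
    event_id: str      # "seconds.millis:serial" shared by all records of one event
    comm: str
    source_type: str   # type field of scontext, e.g. ftpd_t
    target_type: str   # type field of tcontext, e.g. samba_share_t
    tclass: str        # object class, e.g. file
    perms: List[str]   # permissions that were denied


def fields(line: str) -> Dict[str, str]:
    """Split an audit record into its key=value pairs, dropping quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def event_id(msg: str) -> str:
    """'audit(1299790809.242:685639):' -> '1299790809.242:685639'"""
    m = re.search(r'audit\(([^)]+)\)', msg)
    return m.group(1) if m else msg


def type_of(context: str) -> str:
    """user:role:type[:range] -> type; user and role never contain ':'."""
    return context.split(':')[2]


def parse_avc(line: str) -> Optional[Denial]:
    f = fields(line)
    m = AVC_RE.search(line)
    if f.get('type') != 'AVC' or not m or m.group(1) != 'denied':
        return None
    return Denial(
        event_id=event_id(f.get('msg', '')),
        comm=f.get('comm', ''),
        source_type=type_of(f['scontext']),
        target_type=type_of(f['tcontext']),
        tclass=f['tclass'],
        perms=m.group(2).split(),
    )


def sesearch_command(d: Denial) -> str:
    """Compose the allow-rule query for this denial (same flags as used in the post)."""
    return ' '.join(['sesearch', '-a', '-s', d.source_type, '-t', d.target_type,
                     '-c', d.tclass, '-p', ','.join(d.perms)])


def correlate(lines: List[str]) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Group records by event id, then by record type (AVC, SYSCALL, ...)."""
    by_id: Dict[str, Dict[str, Dict[str, str]]] = {}
    for line in lines:
        f = fields(line)
        by_id.setdefault(event_id(f.get('msg', '')), {})[f.get('type', '?')] = f
    return by_id


def describe_syscall(f: Dict[str, str]) -> str:
    """Summarise the SYSCALL record; a negative exit is -errno (exit=-13 is EACCES)."""
    code = int(f['exit'])
    err = errno.errorcode.get(-code, str(code)) if code < 0 else 'success'
    return (f"{f.get('exe')} uid={f.get('uid')} syscall={f.get('syscall')} "
            f"success={f.get('success')} exit={f['exit']} ({err})")


if __name__ == '__main__':
    events = correlate([SAMPLE_AVC, SAMPLE_SYSCALL])
    for eid, recs in events.items():
        d = parse_avc(' '.join(f"{k}={v}" for k, v in recs['AVC'].items())) if 'AVC' in recs else None
        if d:
            print(f"event {eid}: {d.comm} denied {d.perms} on {d.tclass} "
                  f"({d.source_type} -> {d.target_type})")
            print("  query: " + sesearch_command(d))
        if 'SYSCALL' in recs:
            print("  syscall: " + describe_syscall(recs['SYSCALL']))
```

One caveat a practitioner should keep in mind when comparing the composed query with the audit: `sesearch -a` lists every matching allow rule in the loaded policy, including rules that sit inside a conditional block, without indicating whether that block is currently active. With setools 3 (the version that prints `Found 1 av rules:` as in the post), adding `-C` prints the conditional expression next to each rule so the two can be told apart.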

