ftpd and PAM
- From: Paul Howarth <paul city-fan org>
- To: fedora-selinux-list redhat com
- Subject: ftpd and PAM
- Date: Tue, 26 Jun 2007 11:38:34 +0100
The PAM config files for vsftpd and proftpd look like this:
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
So it makes sense for ftpd_t to be able to set the login uid and create
a session keyring:
logging_set_loginuid(ftpd_t)
allow ftpd_t self:key { write search link };
Curiously, I've done this locally but still get this AVC when logging in
on proftpd, with an open dovecot IMAP session on the same server:
type=AVC msg=audit(1182853960.377:103383): avc: denied { link } for pid=24601 comm="proftpd" scontext=root:system_r:ftpd_t:s0 tcontext=root:system_r:dovecot_t:s0 tclass=key
Paul.
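
Added example, not part of the original message: a small Python check that parses the AVC record quoted above and tests it against the allow rule from the message. The function names are hypothetical, and the matching is simplified (it resolves `self` to the source type and ignores attributes, type sets and constraints).

```python
import re

# Constructed sample input: the AVC record from the message, joined onto one line.
AVC = ('type=AVC msg=audit(1182853960.377:103383): avc: denied { link } for '
       'pid=24601 comm="proftpd" scontext=root:system_r:ftpd_t:s0 '
       'tcontext=root:system_r:dovecot_t:s0 tclass=key')

# The allow rule from the message, in policy source form.
RULES = ["allow ftpd_t self:key { write search link };"]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
RULE_RE = re.compile(
    r'allow\s+(?P<src>\w+)\s+(?P<tgt>\w+):(?P<tclass>\w+)\s+'
    r'(?:\{(?P<perms>[^}]*)\}|(?P<perm>\w+))\s*;')

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_avc(line):
    """Extract denied permissions, source type, target type and class."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC denial record")
    return {"perms": set(m["perms"].split()),
            "source": type_of(m["scon"]),
            "target": type_of(m["tcon"]),
            "tclass": m["tclass"]}

def uncovered(avc, rules):
    """Permissions in the denial that none of the given allow rules grant."""
    missing = set(avc["perms"])
    for rule in rules:
        m = RULE_RE.search(rule)
        if not m or m["src"] != avc["source"] or m["tclass"] != avc["tclass"]:
            continue
        # 'self' stands for the source type itself, never another domain.
        target = m["src"] if m["tgt"] == "self" else m["tgt"]
        if target == avc["target"]:
            missing -= set((m["perms"] or m["perm"]).split())
    return missing

if __name__ == "__main__":
    avc = parse_avc(AVC)
    print(avc["source"], "->", avc["target"], avc["tclass"], sorted(uncovered(avc, RULES)))
```

The denial's target type is `dovecot_t`, so a rule whose target is `self` (that is, `ftpd_t`) does not match it and `link` stays uncovered.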