My virtual users cannot chroot()

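I am configuring a ProFTPD server on a Fedora 20 Linux server. All my real users can log in fine, but the virtual users cannot.

The virtual users are stored in an SQL table, and mod_sql.c is locating the data and approving the login. Checking the logs shows that the user cannot chroot() into its directory (the public ftp directory).

Any ideas?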

SELinux is enabled and enforcing; the booleans are:

ftp_home_dir --> on
ftpd_anon_write --> on
ftpd_connect_all_unreserved --> on
ftpd_connect_db --> on
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> on
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off

Enabled modules:

  • mod_sql.c
  • mod_sql_mysql.c
  • mod_quotatab_sql.c
  • mod_quotatab.c

Logs:

mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): DefaultRoot
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): Umask
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): DirUmask
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): AllowOverwrite
mar 28 13:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): RootLogin
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): Preparing to chroot to directory '/opt/publicftp'
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): Environment successfully chroot()ed
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): unable to chdir to / (Permiso denegado), defaulting to chroot directory /opt/publicftp
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): virtual_user chdir("/"): Permiso denegado
mar 28 19:26:19 pw000i proftpd[6624] XX.XX.X.XXX (YY.YY.Y.YYY[YY.YY.Y.YYY]): FTP session closed.

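Edit: After following the suggestion to change the security label of the public directory, I still get the same error.

Security label of /opt/publicftp/: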

[root@pw000i opt]#  ls -dZ /opt/publicftp/
drw-rw-rw-. root root unconfined_u:object_r:public_content_t:s0 /opt/publicftp/

Dump of ausearch -ts recent -m avc -m user_avc -m selinux_err -ts today, as requested by Mattiew Ife:

----
time->Fri Mar 28 08:27:16 2014
type=SYSCALL msg=audit(1396016836.347:380): arch=c000003e syscall=4 success=no exit=-13 a0=7fff78b25b40 a1=7fff78b258b0 a2=7fff78b258b0 a3=2 items=0 ppid=1627 pid=1630 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396016836.347:380): avc:  denied  { getattr } for  pid=1630 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 08:59:27 2014
type=SYSCALL msg=audit(1396018767.900:382): arch=c000003e syscall=4 success=no exit=-13 a0=7fff78b25b40 a1=7fff78b258b0 a2=7fff78b258b0 a3=2 items=0 ppid=1627 pid=2135 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396018767.900:382): avc:  denied  { getattr } for  pid=2135 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 11:40:22 2014
type=SYSCALL msg=audit(1396028422.638:420): arch=c000003e syscall=4 success=no exit=-13 a0=7fff78b25b40 a1=7fff78b258b0 a2=7fff78b258b0 a3=2 items=0 ppid=1627 pid=4680 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396028422.638:420): avc:  denied  { getattr } for  pid=4680 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 11:41:30 2014
type=SYSCALL msg=audit(1396028490.482:422): arch=c000003e syscall=4 success=no exit=-13 a0=7fff78b24d60 a1=7fff78b24ad0 a2=7fff78b24ad0 a3=2 items=0 ppid=1627 pid=4680 auid=4294967295 uid=0 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396028490.482:422): avc:  denied  { getattr } for  pid=4680 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 11:57:01 2014
type=SYSCALL msg=audit(1396029421.740:425): arch=c000003e syscall=4 success=no exit=-13 a0=7fff1c22bb10 a1=7fff1c22b880 a2=7fff1c22b880 a3=2 items=0 ppid=4981 pid=4985 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396029421.740:425): avc:  denied  { getattr } for  pid=4985 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 11:57:08 2014
type=SYSCALL msg=audit(1396029428.034:427): arch=c000003e syscall=4 success=no exit=-13 a0=7fff1c22bb10 a1=7fff1c22b880 a2=7fff1c22b880 a3=2 items=0 ppid=4981 pid=4988 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396029428.034:427): avc:  denied  { getattr } for  pid=4988 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 11:58:08 2014
type=SYSCALL msg=audit(1396029488.740:429): arch=c000003e syscall=4 success=no exit=-13 a0=7fff1c22bb10 a1=7fff1c22b880 a2=7fff1c22b880 a3=2 items=0 ppid=4981 pid=5006 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396029488.740:429): avc:  denied  { getattr } for  pid=5006 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 12:12:46 2014
type=SYSCALL msg=audit(1396030366.681:442): arch=c000003e syscall=4 success=no exit=-13 a0=7fff1c22bb10 a1=7fff1c22b880 a2=7fff1c22b880 a3=2 items=0 ppid=4981 pid=5263 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396030366.681:442): avc:  denied  { getattr } for  pid=5263 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 12:58:02 2014
type=SYSCALL msg=audit(1396033082.409:444): arch=c000003e syscall=4 success=no exit=-13 a0=7fff1c22bb10 a1=7fff1c22b880 a2=7fff1c22b880 a3=2 items=0 ppid=4981 pid=6029 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396033082.409:444): avc:  denied  { getattr } for  pid=6029 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 12:58:19 2014
type=SYSCALL msg=audit(1396033099.796:446): arch=c000003e syscall=4 success=no exit=-13 a0=7fff1c22bb10 a1=7fff1c22b880 a2=7fff1c22b880 a3=2 items=0 ppid=4981 pid=6036 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396033099.796:446): avc:  denied  { getattr } for  pid=6036 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:07:28 2014
type=SYSCALL msg=audit(1396033648.268:459): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2e4dc1f0 a1=7fff2e4dbf60 a2=7fff2e4dbf60 a3=2 items=0 ppid=6081 pid=6218 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396033648.268:459): avc:  denied  { getattr } for  pid=6218 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:12:14 2014
type=SYSCALL msg=audit(1396033934.426:460): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2e4dc1f0 a1=7fff2e4dbf60 a2=7fff2e4dbf60 a3=2 items=0 ppid=6081 pid=6325 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396033934.426:460): avc:  denied  { getattr } for  pid=6325 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:12:25 2014
type=SYSCALL msg=audit(1396033945.963:465): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2e4dc1f0 a1=7fff2e4dbf60 a2=7fff2e4dbf60 a3=2 items=0 ppid=6081 pid=6329 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396033945.963:465): avc:  denied  { getattr } for  pid=6329 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:13:11 2014
type=SYSCALL msg=audit(1396033991.860:466): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2e4dc1f0 a1=7fff2e4dbf60 a2=7fff2e4dbf60 a3=2 items=0 ppid=6081 pid=6346 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396033991.860:466): avc:  denied  { getattr } for  pid=6346 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:21:27 2014
type=SYSCALL msg=audit(1396034487.403:469): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6504 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034487.403:469): avc:  denied  { getattr } for  pid=6504 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:22:31 2014
type=SYSCALL msg=audit(1396034551.201:470): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6524 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034551.201:470): avc:  denied  { getattr } for  pid=6524 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:22:32 2014
type=SYSCALL msg=audit(1396034552.990:471): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6526 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034552.990:471): avc:  denied  { getattr } for  pid=6526 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:22:34 2014
type=SYSCALL msg=audit(1396034554.876:473): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6532 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034554.876:473): avc:  denied  { getattr } for  pid=6532 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:22:34 2014
type=SYSCALL msg=audit(1396034554.039:472): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6530 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034554.039:472): avc:  denied  { getattr } for  pid=6530 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:25:50 2014
type=SYSCALL msg=audit(1396034750.729:478): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6603 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034750.729:478): avc:  denied  { getattr } for  pid=6603 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:25:53 2014
type=SYSCALL msg=audit(1396034753.002:479): arch=c000003e syscall=4 success=no exit=-13 a0=7fff3082b270 a1=7fff3082afe0 a2=7fff3082afe0 a3=2 items=0 ppid=6500 pid=6605 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034753.002:479): avc:  denied  { getattr } for  pid=6605 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:26:10 2014
type=SYSCALL msg=audit(1396034770.279:482): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=6617 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034770.279:482): avc:  denied  { getattr } for  pid=6617 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:26:19 2014
type=SYSCALL msg=audit(1396034779.884:484): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=6624 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034779.884:484): avc:  denied  { getattr } for  pid=6624 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 13:26:18 2014
type=SYSCALL msg=audit(1396034778.119:483): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=6621 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396034778.119:483): avc:  denied  { getattr } for  pid=6621 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 15:49:43 2014
type=SYSCALL msg=audit(1396043383.187:509): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=8966 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396043383.187:509): avc:  denied  { getattr } for  pid=8966 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 15:49:45 2014
type=SYSCALL msg=audit(1396043385.651:510): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=8968 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396043385.651:510): avc:  denied  { getattr } for  pid=8968 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 15:50:17 2014
type=SYSCALL msg=audit(1396043417.374:512): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=8985 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396043417.374:512): avc:  denied  { getattr } for  pid=8985 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 15:50:18 2014
type=SYSCALL msg=audit(1396043418.945:513): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=8988 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396043418.945:513): avc:  denied  { getattr } for  pid=8988 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 15:50:30 2014
type=SYSCALL msg=audit(1396043430.654:514): arch=c000003e syscall=4 success=no exit=-13 a0=7fffad0396c0 a1=7fffad039430 a2=7fffad039430 a3=2 items=0 ppid=6615 pid=8996 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 ses=4294967295 tty=(none) comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1396043430.654:514): avc:  denied  { getattr } for  pid=8996 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
----
time->Fri Mar 28 16:01:01 2014
type=USER_AVC msg=audit(1396044061.990:518): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Fri Mar 28 16:01:01 2014
type=USER_AVC msg=audit(1396044061.990:519): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=3)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Fri Mar 28 16:01:01 2014
type=USER_AVC msg=audit(1396044061.990:520): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=4)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

Answer 1

/opt/publicftp is probably labeled incorrectly. You should change this directory's label to public_content_rw_t

semanage fcontext -a -t public_content_t '/opt/publicftp(/.*)?'
restorecon -Rv /opt/publicftp

This also looks like a possible bug in the SELinux policy. Create this file.

policy_module(myftpd_t, 1.0.0)

require {
  type ftpd_t;
}

tunable_policy(`ftpd_connect_db', `
    mysql_read_config(ftpd_t)
')

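Then run make -f /usr/share/selinux/devel/Makefile load to compile and insert the policy.

As long as you make sure the ftpd_connect_db boolean is on, this should (probably) fix your problem.

Also make sure the permissions you set on /opt/publicftp allow reading from the parent directory tree and the directory itself. If you want to allow read/write, you need to use the label public_content_rw_t instead of public_content_t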
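
An added triage example (not part of the question or the answer): it collapses an ausearch dump like the one above into distinct denials, which makes it visible that every AVC record there is the same ftpd_t getattr denial on /etc/my.cnf, the access that mysql_read_config(ftpd_t) in the answer covers. The helper missing_search_bits is a separate check on the ls -dZ mode string, because chdir() into a directory needs the search (x) bit in addition to a suitable SELinux label. The function names are assumptions of this example, and the embedded sample reuses three lines from the question's dump.

```python
import re
from collections import Counter

# Sample input: three lines copied from the ausearch dump in the question
# (SYSCALL lines and "----" separators omitted).
SAMPLE = '''\
type=AVC msg=audit(1396016836.347:380): avc:  denied  { getattr } for  pid=1630 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
type=AVC msg=audit(1396018767.900:382): avc:  denied  { getattr } for  pid=2135 comm="proftpd" path="/etc/my.cnf" dev="dm-4" ino=1178354 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_etc_t:s0 tclass=file
type=USER_AVC msg=audit(1396044061.990:518): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
'''

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="value"
PERMS_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')  # { getattr } etc.


def parse_avc(line):
    """Return a dict for a kernel AVC denial line, or None for anything else."""
    if not line.startswith("type=AVC "):
        return None  # SYSCALL records, USER_AVC policyload notices, separators
    perms = PERMS_RE.search(line)
    if perms is None:
        return None  # not a denial (for example a "granted" record)
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    return {
        # The SELinux type is the third colon-separated field of a context.
        "source": f["scontext"].split(":")[2],
        "target": f["tcontext"].split(":")[2],
        "tclass": f["tclass"],
        "perms": tuple(perms.group(1).split()),
        "object": f.get("path") or f.get("name", "?"),
    }


def summarize(text):
    """Collapse a dump into distinct denials, with a hit count for each."""
    counts = Counter()
    for line in text.splitlines():
        d = parse_avc(line.strip())
        if d:
            key = (d["source"], d["target"], d["tclass"], d["perms"], d["object"])
            counts[key] += 1
    return counts


def missing_search_bits(ls_mode):
    """For an ls mode string of a directory, list the classes without the x bit.

    's' and 't' in an execute position mean x is set; 'S' and 'T' mean it is not.
    """
    bits = ls_mode[1:10]
    return [who for who, i in (("user", 2), ("group", 5), ("other", 8))
            if bits[i] not in "xst"]


if __name__ == "__main__":
    for key, hits in summarize(SAMPLE).items():
        print(hits, key)
    # Mode string as shown by ls -dZ /opt/publicftp/ in the question.
    print("no search bit for:", missing_search_bits("drw-rw-rw-."))
```

None of the denials in the dump has tclass=dir, so the chdir("/") failure in the ProFTPD log is not accounted for by a logged AVC; dontaudit rules can hide denials, so treat that as a pointer to check the directory mode rather than as proof.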
