I created this directory for anonymous upload.
Code:
[root@server1 ~]# ls -alZd /var/ftp/uploads/
drwxr-x---. root root unconfined_u:object_r:public_content_t:s0 /var/ftp/uploads/
Now I use lftp to access and put a file in the upload subdirectory.
Then, on another terminal, I attempt to put a file like so:
Code:
[user1@server1 ~]$ lftp server1
lftp server1:~> ls
drwxr-xr-x 2 0 0 6 Nov 05 19:43 pub
drwxr-x--- 2 0 0 6 Feb 23 02:36 uploads
lftp server1:/> put /etc/hosts
put: [Access failed: 553 Could not create file. (hosts)
lftp server1:/>
This should cause a SELinux log to be sent to audit.log, correct?
So I decided to look for what is happening in audit.log.
Quote:
[root@server1 ~]# grep -i AVC /var/log/audit/audit.log
type=USER_AVC msg=audit(1484850001.270:507): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1484928001.515:694): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
...
...
type=USER_AVC msg=audit(1485928330.770:255): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { disable } for auid=1000 uid=0 gid=0 cmdline="systemctl -t service mask all" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1487819347.532:243): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
[root@server1 ~]#
But there is no such SELinux log message related to denial of access to copy a file into /var/ftp/uploads.
Why?
Thank you.
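Added example, not part of the original post: a small Python parser that separates `USER_AVC` records like the ones the grep above returned (messages logged by systemd as a userspace object manager) from kernel `type=AVC` denials on files and directories. The first two sample records are shortened from the post; the third is a constructed record, and the function names are this example's own.

```python
import re

# Records 1-2 are shortened from the post; record 3 is CONSTRUCTED (assumed pid,
# serial and process name) to show the shape of a kernel file denial.
SAMPLE = [
    "type=USER_AVC msg=audit(1484928001.515:694): pid=1 uid=0 "
    "msg='avc: received setenforce notice (enforcing=0) exe=\"/usr/lib/systemd/systemd\"'",
    "type=USER_AVC msg=audit(1485928330.770:255): pid=1 uid=0 "
    "msg='avc: denied { disable } for auid=1000 uid=0 gid=0 "
    "scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 "
    "tcontext=system_u:system_r:init_t:s0 tclass=service exe=\"/usr/lib/systemd/systemd\"'",
    "type=AVC msg=audit(1487819400.100:300): avc: denied { write } for pid=2101 "
    "comm=\"vsftpd\" name=\"uploads\" scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 "
    "tcontext=unconfined_u:object_r:public_content_t:s0 tclass=dir",
]

HEADER = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\):")
DECISION = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")
FIELD = re.compile(r"\b(scontext|tcontext|tclass|comm|name)=(\"[^\"]*\"|\S+)")
FILE_CLASSES = {"file", "dir", "lnk_file", "sock_file", "fifo_file", "chr_file", "blk_file"}


def parse(line):
    """Return a dict for one audit record, or None if it is not an audit line."""
    head = HEADER.match(line)
    if head is None:
        return None
    # Records without a denied/granted verdict (policyload, setenforce) are notices.
    rec = {"type": head.group(1), "serial": int(head.group(3)),
           "decision": "notice", "perms": []}
    verdict = DECISION.search(line)
    if verdict:
        rec["decision"] = verdict.group(1)
        rec["perms"] = verdict.group(2).split()
    for key, value in FIELD.findall(line):
        rec[key] = value.strip("'\"")
    return rec


def file_denials(lines):
    """Kernel AVC denials whose target class is a filesystem object."""
    recs = filter(None, map(parse, lines))
    return [r for r in recs if r["type"] == "AVC"
            and r["decision"] == "denied" and r.get("tclass") in FILE_CLASSES]


if __name__ == "__main__":
    for rec in filter(None, map(parse, SAMPLE)):
        print(rec["serial"], rec["type"], rec["decision"], rec["perms"], rec.get("tclass"))
    print("kernel file denials:", [r["serial"] for r in file_denials(SAMPLE)])
```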