[SOLVED] SELinux blocking proftpd/mysql communication


Post by strfr » 2011/08/29 08:43:09

Dear all,

SELinux is blocking communication between proftpd and the MySQL database.

When I try to connect with an FTP client, my audit.log reports the following:
type=AVC msg=audit(1314606216.157:426): avc: denied { search } for pid=7326 comm="proftpd" name="mysql" dev=dm-0 ino=918623 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=SYSCALL msg=audit(1314606216.157:426): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9f7220 a2=3c20c0 a3=c items=0 ppid=1527 pid=7326 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=4294967295 comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1314606216.158:427): avc: denied { search } for pid=7326 comm="proftpd" name="mysql" dev=dm-0 ino=918623 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=SYSCALL msg=audit(1314606216.158:427): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9f6070 a2=3c20c0 a3=0 items=0 ppid=1527 pid=7326 auid=4294967295 uid=0 gid=99 euid=99 suid=0 fsuid=99 egid=99 sgid=99 fsgid=99 tty=(none) ses=4294967295 comm="proftpd" exe="/usr/sbin/proftpd" subj=system_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)

At the same time my messages are showing:
Aug 29 10:23:36 ftpsrv proftpd[7326]: 127.0.0.1 (::ffff:10.0.50.30[::ffff:10.0.50.30]) - FTP session opened.
Aug 29 10:23:36 ftpsrv proftpd[7326]: 127.0.0.1 (::ffff:10.0.50.30[::ffff:10.0.50.30]) - mod_sql/4.2.5: unrecoverable backend error: (2002) Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
Aug 29 10:23:36 ftpsrv proftpd[7326]: 127.0.0.1 (::ffff:10.0.50.30[::ffff:10.0.50.30]) - mod_sql/4.2.5: check the SQLLogFile for more details
Aug 29 10:23:36 ftpsrv proftpd[7326]: 127.0.0.1 (::ffff:10.0.50.30[::ffff:10.0.50.30]) - mod_sql/4.2.5: unrecoverable backend error: (2002) Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
Aug 29 10:23:36 ftpsrv proftpd[7326]: 127.0.0.1 (::ffff:10.0.50.30[::ffff:10.0.50.30]) - mod_sql/4.2.5: check the SQLLogFile for more details
Aug 29 10:23:36 ftpsrv proftpd[7326]: 127.0.0.1 (::ffff:10.0.50.30[::ffff:10.0.50.30]) - FTP session closed.

Any suggestions?

Thanks in advance!

Frantisek


Re: SELinux blocking proftpd/mysql communication

Post by strfr » 2011/08/29 09:18:10

Update: setting the SELinux boolean with "setsebool ftpd_connect_db 1" solved the problem.

Any major security risk with this setup?

Thanks

Frantisek
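
Added example, not part of the original posts: a small Python parser that joins each AVC denial to its SYSCALL record by audit event ID, showing that the "(13)" in the mod_sql error is the EACCES returned when ftpd_t was denied search on the mysqld_db_t directory. The function names are illustrative, and the two records are copied from the audit.log excerpt above (the SYSCALL line abridged).

```python
import errno
import re
from collections import defaultdict

# Records copied from the audit.log excerpt in the post (SYSCALL line abridged).
SAMPLE = (
    'type=AVC msg=audit(1314606216.157:426): avc: denied { search } for pid=7326 '
    'comm="proftpd" name="mysql" dev=dm-0 ino=918623 '
    'scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir\n'
    'type=SYSCALL msg=audit(1314606216.157:426): arch=40000003 syscall=102 '
    'success=no exit=-13 pid=7326 comm="proftpd" exe="/usr/sbin/proftpd"\n'
)

HEADER = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split key=value pairs, dropping quotes around string values."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def se_type(context):
    """user:role:type:level -> type, the part type enforcement decides on."""
    return context.split(":")[2]

def summarize(log):
    """Join AVC and SYSCALL records that share an audit event ID."""
    events = defaultdict(dict)
    for line in log.splitlines():
        head = HEADER.match(line)
        if not head:
            continue
        rtype, event_id, body = head.groups()
        denied = DENIED.match(body) if rtype == "AVC" else None
        if denied:
            f = fields(denied.group(2))
            events[event_id].update(
                perms=denied.group(1).split(), tclass=f["tclass"],
                source=se_type(f["scontext"]), target=se_type(f["tcontext"]))
        elif rtype == "SYSCALL":
            f = fields(body)
            code = int(f["exit"])
            events[event_id].update(
                exe=f.get("exe"), syscall=int(f["syscall"]),
                errno=errno.errorcode.get(-code) if code < 0 else None)
    return [e for e in events.values() if "perms" in e]

if __name__ == "__main__":
    for e in summarize(SAMPLE):
        print(e)
```
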
