Chrooted SFTP users are unable to upload files in an SELinux environment.

Solution Verified - Updated -

Issue

  • Chrooted SFTP users are unable to upload files in an SELinux environment.

  • The audit log records the following denial when a user tries to upload a file to the chroot directory:

type=AVC msg=audit(1326732666.977:3088): avc: denied { write } for pid=7138 comm="sshd" name="data" dev=dm-0 ino=529906 scontext=system_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1326732666.977:3088): arch=40000003 syscall=5 success=no exit=-13 a0=1141da0 a1=8241 a2=1a4 a3=f919c4 items=0 ppid=7137 pid=7138 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=487 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:chroot_user_t:s0-s0:c0.c1023 key=(null)
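
Both records carry the audit event ID 1326732666.977:3088, so they describe a single operation. The Python script below is an added example, not part of the original article: it joins the two records on that ID and decodes the denial. Its syscall and open-flag tables are an assumption that covers i386 only, chosen because the SYSCALL record reports arch=40000003.

```python
import errno
import re

# The two audit records, copied verbatim from the Issue section above.
AUDIT_LINES = [
    'type=AVC msg=audit(1326732666.977:3088): avc: denied { write } for pid=7138 comm="sshd" name="data" dev=dm-0 ino=529906 scontext=system_u:system_r:chroot_user_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1326732666.977:3088): arch=40000003 syscall=5 success=no exit=-13 a0=1141da0 a1=8241 a2=1a4 a3=f919c4 items=0 ppid=7137 pid=7138 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=487 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:chroot_user_t:s0-s0:c0.c1023 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

# Assumption: i386 tables only, because arch=40000003 is AUDIT_ARCH_I386.
I386_SYSCALLS = {5: "open"}
OPEN_FLAGS = {0o1: "O_WRONLY", 0o2: "O_RDWR", 0o100: "O_CREAT",
              0o1000: "O_TRUNC", 0o2000: "O_APPEND", 0o100000: "O_LARGEFILE"}

def explain_denial(lines):
    """Join AVC and SYSCALL records by audit event ID and decode the denial."""
    events = {}
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue
        rtype, event_id, body = m.groups()
        rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
        denied = DENIED.search(body)
        rec["perms"] = denied.group(1).split() if denied else []
        events.setdefault(event_id, {})[rtype] = rec
    report = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if not avc or not avc["perms"]:
            continue  # no denial recorded for this event
        i386 = sc.get("arch") == "40000003"
        name = I386_SYSCALLS.get(int(sc.get("syscall", -1)), "?") if i386 else "?"
        # a1/a2 are flags/mode only when the syscall is open(); both are hex.
        flags = int(sc.get("a1", "0"), 16) if name == "open" else 0
        report.append({
            "event": event_id, "uid": sc.get("uid"), "syscall": name,
            "perms": avc["perms"], "tclass": avc.get("tclass"), "name": avc.get("name"),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "open_flags": [n for bit, n in OPEN_FLAGS.items() if flags & bit],
            "mode": oct(int(sc.get("a2", "0"), 16)) if name == "open" else None,
            "errno": errno.errorcode.get(-int(sc.get("exit", "0")), "?"),
        })
    return report
```

Read together, the records show sshd running in the chroot_user_t domain as uid 500, calling open() to create a file for writing, and being refused write permission on the directory "data", which is labelled default_t.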

Environment

  • Red Hat Enterprise Linux 6.2
  • selinux-policy-3.7.19-126.el6_2.4
  • selinux-policy-targeted-3.7.19-126.el6_2.4
  • openssh-server-5.3p1-70.el6
