I have a ProFTPd server on CentOS 6.3 with SELinux Enforcing. My users are virtual users in a flat file. The users are chrooted to directories mounted via NFS. I've already set the following policy:
/usr/sbin/semanage boolean -m --on allow_ftpd_use_nfs
/usr/sbin/semanage boolean -m --on allow_ftpd_anon_write
The users can read and write files without problem. However, they cannot create directories. I get this in audit.log:
type=AVC msg=audit(1364763704.972:25268): avc: denied { create } for pid=2971 comm="proftpd" name="test4" scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
Is there a way to keep SELinux on but allow directory creation?
Best Answer
That looks like a policy error. Try adding this policy by doing the following:
make -f /usr/share/selinux/devel/Makefile load
This is the policy amendment you need.