Discussion:
[suggest] proftpd 1.3.3c spec file patch
Blake Hudson
2011-05-09 18:46:11 UTC
I noticed that when upgrading from proftpd 1.3.2 to 1.3.3c, proftpd
failed to start.

I tracked this down to SELinux AVC denials, caused by the new version trying to
place its .pid, .scoreboard, and other files directly into /var instead
of /var/run or /var/run/proftpd. I compared the proftpd compile-time
options between these two versions (see the proftpd -V output below) and
found that proftpd 1.3.3c was configured to use /var instead of
/var/run/proftpd/ for its localstatedir. I
believe there may have been an upstream change that caused this to
occur. However, the --localstatedir option can be set in the RPM
.spec file to pass the localstatedir at build time. This option was not
set, so I have attached a patch file that can be applied to Dag's
proftpd.spec to correct the problem. Other solutions welcome.

This is my first patch submission, please let me know if there's
anything else I can (or need to) do.

Thanks,
--Blake
[root at alpha var]# proftpd -V
* Version: 1.3.3c (maint)*
Platform: LINUX [Linux 2.6.18-194.8.1.el5 i686]
Built: Thu Nov 18 2010 03:37:38 CET
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--enable-ctrls' '--enable-dso' '--enable-facl' '--enable-ipv6'
'--enable-openssl' '--with-includes=/usr/include/mysql'
'--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib '
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib -L/usr/lib/mysql
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt -ldl -ldl
/etc/proftpd.conf
/var/proftpd.pid
/var/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
- Shadow file suppport
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
[root at TwinS ~]# proftpd -V
* Version: 1.3.2 (stable)*
Platform: LINUX
Built: Wed Mar 25 16:12:43 CDT 2009
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--localstatedir=/var/run' '--enable-ctrls' '--enable-dso'
'--enable-facl' '--enable-ipv6' '--enable-openssl'
'--with-includes=/usr/include/mysql' '--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables'
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=pentium4 -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt
/etc/proftpd.conf
/var/run/proftpd.pid
/var/run/proftpd/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proftpd.spec.bh.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment.pl
Blake Hudson
2011-05-09 18:46:11 UTC
I noticed that when upgrading from proftpd 1.3.2 to 1.3.3c, proftpd
failed to start.

I tracked this down to SELinux AVC denials, caused by the new version trying to
place its .pid, .scoreboard, and other files directly into /var instead
of /var/run or /var/run/proftpd. I compared the proftpd compile-time
options between these two versions (see the proftpd -V output below) and
found that proftpd 1.3.3c was configured to use /var instead of
/var/run/proftpd/ for its localstatedir. I
believe there may have been an upstream change that caused this to
occur. However, the --localstatedir option can be set in the RPM
.spec file to pass the localstatedir at build time. This option was not
set, so I have attached a patch file that can be applied to Dag's
proftpd.spec to correct the problem. Other solutions welcome.

This is my first patch submission, please let me know if there's
anything else I can (or need to) do.

Thanks,
--Blake
[root at alpha var]# proftpd -V
* Version: 1.3.3c (maint)*
Platform: LINUX [Linux 2.6.18-194.8.1.el5 i686]
Built: Thu Nov 18 2010 03:37:38 CET
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--enable-ctrls' '--enable-dso' '--enable-facl' '--enable-ipv6'
'--enable-openssl' '--with-includes=/usr/include/mysql'
'--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib '
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib -L/usr/lib/mysql
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt -ldl -ldl
/etc/proftpd.conf
/var/proftpd.pid
/var/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
- Shadow file suppport
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
[root at TwinS ~]# proftpd -V
* Version: 1.3.2 (stable)*
Platform: LINUX
Built: Wed Mar 25 16:12:43 CDT 2009
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--localstatedir=/var/run' '--enable-ctrls' '--enable-dso'
'--enable-facl' '--enable-ipv6' '--enable-openssl'
'--with-includes=/usr/include/mysql' '--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables'
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=pentium4 -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt
/etc/proftpd.conf
/var/run/proftpd.pid
/var/run/proftpd/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0001.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proftpd.spec.bh.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0001.pl
Blake Hudson
2011-05-09 18:46:11 UTC
I noticed that when upgrading from proftpd 1.3.2 to 1.3.3c, proftpd
failed to start.

I tracked this down to SELinux AVC denials, caused by the new version trying to
place its .pid, .scoreboard, and other files directly into /var instead
of /var/run or /var/run/proftpd. I compared the proftpd compile-time
options between these two versions (see the proftpd -V output below) and
found that proftpd 1.3.3c was configured to use /var instead of
/var/run/proftpd/ for its localstatedir. I
believe there may have been an upstream change that caused this to
occur. However, the --localstatedir option can be set in the RPM
.spec file to pass the localstatedir at build time. This option was not
set, so I have attached a patch file that can be applied to Dag's
proftpd.spec to correct the problem. Other solutions welcome.

This is my first patch submission, please let me know if there's
anything else I can (or need to) do.

Thanks,
--Blake
[root at alpha var]# proftpd -V
* Version: 1.3.3c (maint)*
Platform: LINUX [Linux 2.6.18-194.8.1.el5 i686]
Built: Thu Nov 18 2010 03:37:38 CET
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--enable-ctrls' '--enable-dso' '--enable-facl' '--enable-ipv6'
'--enable-openssl' '--with-includes=/usr/include/mysql'
'--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib '
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib -L/usr/lib/mysql
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt -ldl -ldl
/etc/proftpd.conf
/var/proftpd.pid
/var/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
- Shadow file suppport
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
[root at TwinS ~]# proftpd -V
* Version: 1.3.2 (stable)*
Platform: LINUX
Built: Wed Mar 25 16:12:43 CDT 2009
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--localstatedir=/var/run' '--enable-ctrls' '--enable-dso'
'--enable-facl' '--enable-ipv6' '--enable-openssl'
'--with-includes=/usr/include/mysql' '--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables'
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=pentium4 -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt
/etc/proftpd.conf
/var/run/proftpd.pid
/var/run/proftpd/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0002.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proftpd.spec.bh.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0002.pl
Blake Hudson
2011-05-09 18:46:11 UTC
I noticed that when upgrading from proftpd 1.3.2 to 1.3.3c, proftpd
failed to start.

I tracked this down to SELinux AVC denials, caused by the new version trying to
place its .pid, .scoreboard, and other files directly into /var instead
of /var/run or /var/run/proftpd. I compared the proftpd compile-time
options between these two versions (see the proftpd -V output below) and
found that proftpd 1.3.3c was configured to use /var instead of
/var/run/proftpd/ for its localstatedir. I
believe there may have been an upstream change that caused this to
occur. However, the --localstatedir option can be set in the RPM
.spec file to pass the localstatedir at build time. This option was not
set, so I have attached a patch file that can be applied to Dag's
proftpd.spec to correct the problem. Other solutions welcome.

This is my first patch submission, please let me know if there's
anything else I can (or need to) do.

Thanks,
--Blake
[root at alpha var]# proftpd -V
* Version: 1.3.3c (maint)*
Platform: LINUX [Linux 2.6.18-194.8.1.el5 i686]
Built: Thu Nov 18 2010 03:37:38 CET
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--enable-ctrls' '--enable-dso' '--enable-facl' '--enable-ipv6'
'--enable-openssl' '--with-includes=/usr/include/mysql'
'--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib '
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib -L/usr/lib/mysql
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt -ldl -ldl
/etc/proftpd.conf
/var/proftpd.pid
/var/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
- Shadow file suppport
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
[root at TwinS ~]# proftpd -V
* Version: 1.3.2 (stable)*
Platform: LINUX
Built: Wed Mar 25 16:12:43 CDT 2009
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--localstatedir=/var/run' '--enable-ctrls' '--enable-dso'
'--enable-facl' '--enable-ipv6' '--enable-openssl'
'--with-includes=/usr/include/mysql' '--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables'
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=pentium4 -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt
/etc/proftpd.conf
/var/run/proftpd.pid
/var/run/proftpd/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0003.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proftpd.spec.bh.patch
Url: http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0003.pl
Blake Hudson
2011-05-09 18:46:11 UTC
I noticed that when upgrading from proftpd 1.3.2 to 1.3.3c, proftpd
failed to start.

I tracked this down to SELinux AVC denials, caused by the new version trying to
place its .pid, .scoreboard, and other files directly into /var instead
of /var/run or /var/run/proftpd. I compared the proftpd compile-time
options between these two versions (see the proftpd -V output below) and
found that proftpd 1.3.3c was configured to use /var instead of
/var/run/proftpd/ for its localstatedir. I
believe there may have been an upstream change that caused this to
occur. However, the --localstatedir option can be set in the RPM
.spec file to pass the localstatedir at build time. This option was not
set, so I have attached a patch file that can be applied to Dag's
proftpd.spec to correct the problem. Other solutions welcome.

This is my first patch submission, please let me know if there's
anything else I can (or need to) do.

Thanks,
--Blake
[root at alpha var]# proftpd -V
* Version: 1.3.3c (maint)*
Platform: LINUX [Linux 2.6.18-194.8.1.el5 i686]
Built: Thu Nov 18 2010 03:37:38 CET
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--enable-ctrls' '--enable-dso' '--enable-facl' '--enable-ipv6'
'--enable-openssl' '--with-includes=/usr/include/mysql'
'--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib '
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=generic -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib -L/usr/lib/mysql
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt -ldl -ldl
/etc/proftpd.conf
/var/proftpd.pid
/var/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
- Shadow file suppport
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
[root at TwinS ~]# proftpd -V
* Version: 1.3.2 (stable)*
Platform: LINUX
Built: Wed Mar 25 16:12:43 CDT 2009
configure '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib'
'--libexecdir=/usr/libexec' '--localstatedir=/var'
'--sharedstatedir=/usr/com' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--libexecdir=/usr/libexec/proftpd'
'--localstatedir=/var/run' '--enable-ctrls' '--enable-dso'
'--enable-facl' '--enable-ipv6' '--enable-openssl'
'--with-includes=/usr/include/mysql' '--with-libraries=/usr/lib/mysql'
'--with-modules=mod_readme:mod_auth_pam:mod_tls'
'--with-shared=mod_ldap:mod_sql:mod_sql_mysql:mod_sql_postgres:mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_sql'
'build_alias=i686-redhat-linux-gnu' 'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables -I/usr/kerberos/include ' 'LDFLAGS=
-L/usr/kerberos/lib ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables' 'FFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i386 -mtune=pentium4
-fasynchronous-unwind-tables'
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386
-mtune=pentium4 -fasynchronous-unwind-tables -I/usr/kerberos/include
-Wall
LDFLAGS: -L$(top_srcdir)/lib -L/usr/kerberos/lib
LIBS: -lacl -lssl -lcrypto -lssl -lcrypto -lcap -lssl -lcrypto
-lpam -lsupp -lcrypt
/etc/proftpd.conf
/var/run/proftpd.pid
/var/run/proftpd/proftpd.scoreboard*
/usr/include/proftpd
/usr/libexec/proftpd
- Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
- Lastlog support
+ ncurses support
- NLS support
+ OpenSSL support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support
+ Trace support
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 30
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment-0004.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proftpd.spec.bh.patch
URL: <http://lists.repoforge.org/pipermail/users/attachments/20110509/64ee1f01/attachment.ksh>