[selinux-policy: 710/3172] add in a few parts of ftp

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 20:06:15 UTC 2010


commit 246a6042738a1fb44948301fbf779d5acdeb9240
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Sep 27 22:29:45 2005 +0000

    add in a few parts of ftp

 refpolicy/policy/modules/services/cron.te    |    4 ++++
 refpolicy/policy/modules/services/tcpd.if    |   21 +++++++++++++++++++++
 refpolicy/policy/modules/system/init.te      |    4 ++++
 refpolicy/policy/modules/system/miscfiles.fc |    6 ++++++
 4 files changed, 35 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index da38369..8596714 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -326,6 +326,10 @@ tunable_policy(`cron_can_relabel',`
 	seutil_read_file_contexts(system_crond_t)
 ')
 
+optional_policy(`ftp.te',`
+	ftp_read_log(system_crond_t)
+')
+
 optional_policy(`mysql.te',`
 	mysql_read_config(system_crond_t)
 ')
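Review bot: `ftp_read_log` in this block, and `ftp_read_config` in the init.te hunk, are called but not defined anywhere in this commit; the diffstat lists no ftp interface file. The `optional_policy` guard on `ftp.te` presumably keeps both blocks out of builds that lack the ftp module, but once that module is present both interfaces must exist, so confirm they land in the same series. A one-line comment above each block stating why the domain needs the access would help later audits, for example `# system cron jobs read the ftp logs` (wording to be confirmed by the author).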
diff --git a/refpolicy/policy/modules/services/tcpd.if b/refpolicy/policy/modules/services/tcpd.if
index 1e5176f..d43e529 100644
--- a/refpolicy/policy/modules/services/tcpd.if
+++ b/refpolicy/policy/modules/services/tcpd.if
@@ -1 +1,22 @@
 ## <summary>Policy for TCP daemon.</summary>
+
+########################################
+## <summary>
+##	Execute tcpd in the tcpd domain.
+## </summary>
+## <param name="domain">
+##	The type of the process performing this action.
+## </param>
+#
+interface(`tcpd_domtrans',`
+	gen_require(`
+		type tcpd_t, tcpd_exec_t;
+	')
+
+	domain_auto_trans($1,tcpd_exec_t,tcpd_t)
+
+	allow $1 tcpd_t:fd use;
+	allow tcpd_t $1:fd use;
+	allow tcpd_t $1:fifo_file rw_file_perms;
+	allow tcpd_t $1:process sigchld;
+')
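Review bot: The header of `tcpd_domtrans` documents only the transition, but the body also grants access in the reverse direction: `allow tcpd_t $1:fd use;`, `allow tcpd_t $1:fifo_file rw_file_perms;` and `allow tcpd_t $1:process sigchld;`. A policy author calling this interface for a new domain is therefore also letting tcpd_t use that domain's descriptors and read and write its pipes, and the summary should say so. I would extend the summary to `Execute tcpd in the tcpd domain, and allow tcpd to use the caller's file descriptors and pipes and to send it SIGCHLD.` and reword the param text to `Domain allowed to transition to tcpd_t.`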
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 4d86805..d2477ff 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -429,6 +429,10 @@ optional_policy(`cpucontrol.te',`
 	dev_getattr_cpu(initrc_t)
 ')
 
+optional_policy(`ftp.te',`
+	ftp_read_config(initrc_t)
+')
+
 optional_policy(`gpm.te',`
 	gpm_setattr_gpmctl(initrc_t)
 ')
diff --git a/refpolicy/policy/modules/system/miscfiles.fc b/refpolicy/policy/modules/system/miscfiles.fc
index 770a32d..53e11f1 100644
--- a/refpolicy/policy/modules/system/miscfiles.fc
+++ b/refpolicy/policy/modules/system/miscfiles.fc
@@ -9,6 +9,10 @@
 #
 /opt/(.*)?/man(/.*)?		context_template(system_u:object_r:man_t,s0)
 
+#
+# /srv
+#
+/srv/([^/]*/)?ftp(/.*)?		context_template(system_u:object_r:ftpd_anon_t,s0)
 /srv/([^/]*/)?rsync(/.*)?	context_template(system_u:object_r:ftpd_anon_t,s0)
 
 #
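Review bot: The added pattern `/srv/([^/]*/)?ftp(/.*)?` labels not only `/srv/ftp` but any `/srv/<dir>/ftp` tree as `ftpd_anon_t`, so a directory that merely happens to be named `ftp` under another service's area of /srv would pick up that label on the next relabel. The existing rsync line has the same shape, so this may be deliberate, but it deserves a comment such as `# also matches /srv/<dir>/ftp; the whole tree is labelled ftpd_anon_t`. The `/var/ftp(/.*)?` entry in the second hunk of this file is similarly blanket: any support directories kept under that tree get `ftpd_anon_t` as well unless more specific entries exist elsewhere, which this diff does not show.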
@@ -40,6 +44,8 @@
 #
 # /var
 #
+/var/ftp(/.*)?			context_template(system_u:object_r:ftpd_anon_t,s0)
+
 ifdef(`distro_debian', `
 /var/lib/msttcorefonts(/.*)?	context_template(system_u:object_r:fonts_t,s0)
 ')

