[selinux-policy: 897/3172] add missing tunable
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:22:34 UTC 2010
commit bea7b4548e53cda3e0d8ec3fb021f7418f49f05a
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Oct 31 19:58:51 2005 +0000
add missing tunable
refpolicy/policy/global_tunables | 4 ++++
refpolicy/policy/modules/services/apache.te | 4 ++++
2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index ccf9704..d63d86a 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -71,6 +71,10 @@ gen_tunable(httpd_can_network_connect,false)
## Allow httpd cgi support
gen_tunable(httpd_enable_cgi,false)
+## Allow httpd to act as a FTP server by
+## listening on the ftp port.
+gen_tunable(httpd_enable_ftp_server,false)
+
## Allow httpd to read home directories
gen_tunable(httpd_enable_homedirs,false)
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index ba0b385..03f5f29 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -344,6 +344,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
allow httpd_sys_script_t httpdcontent:file { rx_file_perms entrypoint };
')
+tunable_policy(`httpd_enable_ftp_server',`
+ corenet_tcp_bind_ftp_port(httpd_t)
+')
+
tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
fs_read_nfs_files(httpd_t)
fs_read_nfs_symlinks(httpd_t)
More information about the scm-commits
mailing list