From: paul@city-fan.org (Paul Howarth) Date: Mon, 26 Apr 2010 21:02:55 +0100 Subject: [refpolicy] services_ftp.patch In-Reply-To: <4BD5EB3A.3080409@giz-works.com> References: <4B8452B1.5090503@redhat.com> <1272309647.32279.232.camel@gorn> <4BD5EB3A.3080409@giz-works.com> Message-ID: <20100426210255.34962f60@city-fan.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 26 Apr 2010 14:36:26 -0500 Chris Richards wrote: > I don't know in relation to this policy, but I know ProFTPD can use a > mysql db for authentication. > > Later, > Chris > > On 04/26/2010 02:20 PM, Christopher J. PeBenito wrote: > > On Tue, 2010-02-23 at 17:12 -0500, Daniel J Walsh wrote: > > > >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ftp.patch > >> > >> Better handling of proftpd > >> > > Why does ftpd_t need sys_admin? > > > > The change for ftp_home_dir is not acceptable. Enabling that > > tunable shouldn't allow access to all files. > > > > Why does ftp need to connect to a db? Not just ProFTPd. See discussion here: http://lists.fedoraproject.org/pipermail/selinux/2009-February/010463.html Paul.