From: paul@city-fan.org (Paul Howarth)
Date: Mon, 26 Apr 2010 21:02:55 +0100
Subject: [refpolicy] services_ftp.patch
In-Reply-To: <4BD5EB3A.3080409@giz-works.com>
References: <4B8452B1.5090503@redhat.com> <1272309647.32279.232.camel@gorn>
	<4BD5EB3A.3080409@giz-works.com>
Message-ID: <20100426210255.34962f60@city-fan.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 26 Apr 2010 14:36:26 -0500
Chris Richards <gizmo@giz-works.com> wrote:

> I don't know in relation to this policy, but I know ProFTPD can use a 
> mysql db for authentication.
> 
> Later,
> Chris
> 
> On 04/26/2010 02:20 PM, Christopher J. PeBenito wrote:
> > On Tue, 2010-02-23 at 17:12 -0500, Daniel J Walsh wrote:
> >    
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ftp.patch
> >>
> >> Better handling of proftpd
> >>      
> > Why does ftpd_t need sys_admin?
> >
> > The change for ftp_home_dir is not acceptable.  Enabling that
> > tunable shouldn't allow access to all files.
> >
> > Why does ftp need to connect to a db?

Not just ProFTPd. See discussion here:

http://lists.fedoraproject.org/pipermail/selinux/2009-February/010463.html

Paul.