From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 27 Apr 2010 08:55:18 -0400
Subject: [refpolicy] services_ftp.patch
In-Reply-To: <1272309647.32279.232.camel@gorn>
References: <4B8452B1.5090503@redhat.com> <1272309647.32279.232.camel@gorn>
Message-ID: <4BD6DEB6.7040100@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/26/2010 03:20 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:12 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ftp.patch
>>
>> Better handling of proftpd
>
> Why does ftpd_t need sys_admin? mounting file system on login?
>
> The change for ftp_home_dir is not acceptable. Enabling that tunable
> shouldn't allow access to all files.
>
Perhaps we need another boolean, to allow full access. If someone wants to
allow an ftp server to provide access to all files on the machine.

> Why does ftp need to connect to a db?
>
You can use a mysql database as a back end for ftp.

>> Added handling of sftpd from sshd
>
> Otherwise merged.
>