From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 27 Apr 2010 08:55:18 -0400
Subject: [refpolicy] services_ftp.patch
In-Reply-To: <1272309647.32279.232.camel@gorn>
References: <4B8452B1.5090503@redhat.com> <1272309647.32279.232.camel@gorn>
Message-ID: <4BD6DEB6.7040100@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/26/2010 03:20 PM, Christopher J. PeBenito wrote:
> On Tue, 2010-02-23 at 17:12 -0500, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_ftp.patch
>>
>> Better handling of proftpd
> 
> Why does ftpd_t need sys_admin?
mounting file system on login?
> 
> The change for ftp_home_dir is not acceptable.  Enabling that tunable
> shouldn't allow access to all files.
> 
Perhaps we need another boolean, to allow full access.  If some wants to
allow an ftp server to provide access to all files on the machine.
> Why does ftp need to connect to a db?
> 
You can use a mysql database as a back end for ftp.
>> Added handling of sftpd from sshd
> 
> Otherwise merged.
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvW3rYACgkQrlYvE4MpobNmXACg6tElqZUPBgxM7sRM52ApIjpv
pvsAn3NodMz+sw+ysgmqU67O3B0MI/ZT
=RXkF
-----END PGP SIGNATURE-----