From: lvrabec@redhat.com (Lukas Vrabec)
Date: Thu, 10 Mar 2016 14:04:34 +0100
Subject: [refpolicy] Enable ftpd_connect_all_unreserved boolean by default
Message-ID: <56E170E2.4080302@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

In current selinux-policy we have two booleans related to ftp 
active/passive mode communication. Both of these booleans are turned off 
by default.
ftpd_use_passive_mode          (off  ,  off)
ftpd_connect_all_unreserved    (off  ,  off)

In this situation, ftp daemon cannot start without changing one of this 
booleans.

I suggest enabling "ftpd_connect_all_unreserved" boolean by default.

Your ideas?


Thank you for discussion.

-- 
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.