Re: vsftpd using mysql

Thank you so much Dominick - sesearch is a fantastic tool! It tells me exactly which booleans will do what I need. Either one of two booleans will provide two of the things I need. So there is only one extra allow rule that I need to create.

# sesearch --allow -s ftpd_t -t mysqld_var_run_t -c sock_file -p write -C
Found 2 av rules:
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename }; [ ftp_home_dir ]

# sesearch --allow -s ftpd_t -t mysqld_db_t -c dir -p search -C
Found 2 av rules:
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir }; [ ftp_home_dir ]

So I can get
allow ftpd_t mysqld_var_run_t:sock_file write;
and
allow ftpd_t mysqld_db_t:dir search;
with booleans.

The only one that I can't get that way is:
allow ftpd_t mysqld_t:unix_stream_socket connectto;

Thanks!
Maria

On Feb 6, 2009, at 5:05 AM, Dominick Grift wrote:


On Thursday 05-02-2009 at 18:57 [timezone -0500], Maria Iano wrote:
I notice there is a boolean for httpd to talk to mysql, which makes me
think there might be one for vsftpd. Does anyone know if such a one
exists?

There is no such boolean for ftpd_t yet, I think. One can verify this
using: sesearch --allow -s ftpd_t | grep mysql

There is also a manual page for ftpd_t: man ftpd_selinux

One can easily implement a boolean using the policy you've generated.
You might consider reporting a feature request to bugzilla.redhat.com in
the selinux-policy component.

hth, Dominick

Thanks,
Maria

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
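
Added example, not part of the original thread: a Python sketch that parses the sesearch -C output quoted in the message above and reports, for each of the three needed rules, which booleans grant it and which additional permissions each boolean enables alongside it. The NEEDED list and the function names are chosen here for illustration; an empty result means no boolean covers the rule.

```python
import re
from collections import defaultdict

# Conditional rules exactly as sesearch -C printed them in the message above.
SESEARCH_OUTPUT = """\
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename }; [ ftp_home_dir ]
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir }; [ ftp_home_dir ]
"""

# The three rules from the message: (source, target, class, permission).
NEEDED = [
    ("ftpd_t", "mysqld_var_run_t", "sock_file", "write"),
    ("ftpd_t", "mysqld_db_t", "dir", "search"),
    ("ftpd_t", "mysqld_t", "unix_stream_socket", "connectto"),
]

# Two-letter state flag (e.g. DT), "allow", source, target, class,
# permission set (braced or single), then the [ boolean expression ].
RULE_RE = re.compile(
    r"^[DE][TF]\s+allow\s+(?P<src>\S+)\s+(?P<tgt>\S+)\s*:\s*(?P<cls>\S+)\s*"
    r"(?P<perms>\{[^}]*\}|\w+)\s*;\s*\[\s*(?P<cond>[^\]]+?)\s*\]$"
)

def parse_conditional_rules(text):
    """Return {(src, tgt, cls): {boolean: set_of_perms}} from sesearch -C lines."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # skip "Found N av rules:" headers, prompts and blanks
        perms = set(m["perms"].strip("{} ").split())
        key = (m["src"], m["tgt"], m["cls"])
        rules[key].setdefault(m["cond"], set()).update(perms)
    return rules

def coverage(needed, rules):
    """Map each needed rule to {boolean: extra perms that boolean also grants}."""
    report = {}
    for src, tgt, cls, perm in needed:
        by_bool = rules.get((src, tgt, cls), {})
        report[(src, tgt, cls, perm)] = {
            b: sorted(p - {perm}) for b, p in by_bool.items() if perm in p}
    return report

if __name__ == "__main__":
    for rule, bools in coverage(NEEDED, parse_conditional_rules(SESEARCH_OUTPUT)).items():
        print(rule, "->", bools or "no boolean; needs a custom allow rule")
```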