Paul Howarth wrote:
> Daniel J Walsh wrote:
>> Maria Iano wrote:
>>> My vsftpd server needs to talk to my mysql server, and is being denied.
>>> Before I use audit2allow to make special rules I wanted to ask whether
>>> there is a boolean out there that I am missing. Here is what audit2allow
>>> gives me:
>>>
>>> allow ftpd_t mysqld_db_t:dir search;
>>> allow ftpd_t mysqld_t:unix_stream_socket connectto;
>>> allow ftpd_t mysqld_var_run_t:sock_file write;
>>>
>>> I notice there is a boolean for httpd to talk to mysql, which makes me
>>> think there might be one for vsftpd. Does anyone know if such a one
>>> exists?
>>>
>>> Thanks,
>>> Maria
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>> Why does ftpd talk to mysqld?
>
> To use a database backend for virtual users I'd guess.
>
> http://www.niraj.info/vsftpd-mysql
>
> Paul.

Learn something new every day...

Miroslav, can you add the following snippets to F9 and F10 policy.

## <desc>
## <p>
## Allow ftp servers to use connect to mysql database
## </p>
## </desc>
gen_tunable(ftpd_connect_db, false)

## <desc>
## <p>
....

optional_policy(`
	tunable_policy(`ftpd_connect_db',`
		mysql_stream_connect(ftpd_t)
	')
')
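On a host whose installed policy does not yet carry this tunable, the same boolean-gated access can be loaded as a local module instead of the three raw audit2allow rules. This is an added example, not code from the thread or from the Fedora policy. The module name local_ftpd_mysql and the boolean local_ftpd_connect_mysql are hypothetical, and it assumes the selinux-policy development Makefile is installed and that mysql_stream_connect covers the three denials quoted in the original question.

```te
# local_ftpd_mysql.te: local module; module and boolean names are hypothetical.
#
# Build and load (requires the selinux-policy development Makefile):
#   make -f /usr/share/selinux/devel/Makefile local_ftpd_mysql.pp
#   semodule -i local_ftpd_mysql.pp
# Enable persistently only on hosts where vsftpd uses the MySQL backend:
#   setsebool -P local_ftpd_connect_mysql on

policy_module(local_ftpd_mysql, 1.0.0)

# ftpd_t is declared by the distribution ftp module, so require it here.
gen_require(`
	type ftpd_t;
')

## <desc>
## <p>
## Allow ftp servers to connect to a local mysql database over its unix socket
## </p>
## </desc>
gen_tunable(local_ftpd_connect_mysql, false)

# Default is off: ftpd_t gets no mysql access until the boolean is set.
# optional_policy keeps the module loadable if the mysql module is absent.
optional_policy(`
	tunable_policy(`local_ftpd_connect_mysql',`
		mysql_stream_connect(ftpd_t)
	')
')
```

Once the distribution policy provides ftpd_connect_db, remove the local module with semodule -r local_ftpd_mysql so that a single boolean controls the access.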