Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Paul Howarth wrote:
Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Maria Iano wrote:
My vsftpd server needs to talk to my mysql server, and is being denied.
Before I use audit2allow to make special rules I wanted to ask whether
there is a boolean out there that I am missing. Here is what audit2allow
gives me:
allow ftpd_t mysqld_db_t:dir search;
allow ftpd_t mysqld_t:unix_stream_socket connectto;
allow ftpd_t mysqld_var_run_t:sock_file write;
I notice there is a boolean for httpd to talk to mysql, which makes me
think there might be one for vsftpd. Does anyone know if such a one
exists?
Thanks,
Maria
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Why does ftpd talk to mysqld?
To use a database backend for virtual users I'd guess.
http://www.niraj.info/vsftpd-mysql
Paul.
Learn something new every day...
Miroslav, can you add the following snippets to F9 and F10 policy.
## <desc>
## <p>
## Allow ftp servers to use connect to mysql database
## </p>
## </desc>
gen_tunable(ftpd_connect_db, false)
## <desc>
## <p>
....
optional_policy(`
tunable_policy(`ftpd_connect_db',`
mysql_stream_connect(ftpd_t)
')
')
It's not just vsftpd that can do this btw - proftpd supports postgresql
and LDAP backends for this purpose.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
