vsftpd using mysql

Maria Iano maria at iano.org
Fri Feb 6 16:58:49 UTC 2009 

Thank you so much Dominick - sesearch is a fantastic tool! It tells me  
exactly which booleans will do what I need. Either one of two booleans  
will provide two of the things I need. So there is only one extra  
allow rule that I need to create.

# sesearch --allow -s ftpd_t -t mysqld_var_run_t -c sock_file -p write  
-C
Found 2 av rules:
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create  
getattr setattr lock append unlink link rename };  
[ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create  
getattr setattr lock append unlink link rename }; [ ftp_home_dir ]

# sesearch --allow -s ftpd_t -t mysqld_db_t -c dir -p search -C
Found 2 av rules:
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr  
setattr lock unlink link rename add_name remove_name reparent search  
rmdir }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr  
setattr lock unlink link rename add_name remove_name reparent search  
rmdir }; [ ftp_home_dir ]

So I can get
allow ftpd_t mysqld_var_run_t:sock_file write;
and
allow ftpd_t mysqld_db_t:dir search;
with booleans.

The only one that I can't get that way is:
allow ftpd_t mysqld_t:unix_stream_socket connectto;

Thanks!
Maria

On Feb 6, 2009, at 5:05 AM, Dominick Grift wrote:

>
> Op donderdag 05-02-2009 om 18:57 uur [tijdzone -0500], schreef Maria
> Iano
>> I notice there is a boolean for httpd to talk to mysql, which makes  
>> me
>> think there might be one for vsftpd. Does anyone know if such a one
>> exists?
>
> There is no such boolean for ftpd_t yet i think. One can verify this
> using: sesearch --allow -s ftpd_t | grep mysql
>
> There is also a manual page for ftpd_t: man ftpd_selinux
>
> One can easily implement a boolean using the policy you've generated.
> You might consider reporting a feature request to  
> bugzilla.redhat.com in
> the selinux-policy component
>
> hth, Dominick
>
>> Thanks,
>> Maria
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

More information about the fedora-selinux-list mailing list