vsftpd using mysql

Daniel J Walsh dwalsh at redhat.com
Tue Feb 10 16:12:04 UTC 2009



Paul Howarth wrote:
> Daniel J Walsh wrote:
>>
>> Maria Iano wrote:
>>> My vsftpd server needs to talk to my mysql server, and is being denied.
>>> Before I use audit2allow to make special rules I wanted to ask whether
>>> there is a boolean out there that I am missing. Here is what audit2allow
>>> gives me:
>>>
>>> allow ftpd_t mysqld_db_t:dir search;
>>> allow ftpd_t mysqld_t:unix_stream_socket connectto;
>>> allow ftpd_t mysqld_var_run_t:sock_file write;
>>>
>>> I notice there is a boolean for httpd to talk to mysql, which makes me
>>> think there might be one for vsftpd. Does anyone know if such a one
>>> exists?
>>>
>>> Thanks,
>>> Maria
>>>
>>
>> Why does ftpd talk to mysqld?
> 
> To use a database backend for virtual users I'd guess.
> 
> http://www.niraj.info/vsftpd-mysql
> 
> Paul.
Learn something new every day...

Miroslav, can you add the following snippets to F9 and F10 policy?


## <desc>
## <p>
## Allow ftp servers to use connect to mysql database
## </p>
## </desc>
gen_tunable(ftpd_connect_db, false)

## <desc>
## <p>

....

optional_policy(`
       tunable_policy(`ftpd_connect_db',`
               mysql_stream_connect(ftpd_t)
       ')
')

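Added example, not part of the original message or of the Fedora policy: a Python check that the AVC denials logged for ftpd_t are limited to the three rules audit2allow printed in the thread, so anything beyond MySQL socket access is reviewed separately rather than allowed along with it. The function names and the sample audit.log lines are constructed for illustration.

```python
import re

# The three audit2allow rules from the thread: (source, target, class, perm).
EXPECTED = {
    ("ftpd_t", "mysqld_db_t", "dir", "search"),
    ("ftpd_t", "mysqld_t", "unix_stream_socket", "connectto"),
    ("ftpd_t", "mysqld_var_run_t", "sock_file", "write"),
}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def parse_denials(lines):
    """Return every (source, target, class, perm) tuple denied in lines."""
    found = set()
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            # A context is user:role:type[:level]; the level may hold colons.
            src, tgt = (m[k].split(":")[2] for k in ("s", "t"))
            found.update((src, tgt, m["cls"], p) for p in m["perms"].split())
    return found

def triage(lines, source="ftpd_t"):
    """Split one domain's denials into (expected, unexpected) sets."""
    denials = {d for d in parse_denials(lines) if d[0] == source}
    return denials & EXPECTED, denials - EXPECTED

def _avc(perms, target, tclass, source="ftpd_t", role="object_r"):
    """Build a constructed audit.log AVC line (sample data, not from the thread)."""
    return ('type=AVC msg=audit(1234282300.101:41): avc:  denied  { %s } for  '
            'pid=2301 comm="sample" scontext=system_u:system_r:%s:s0 '
            'tcontext=system_u:%s:%s:s0 tclass=%s'
            % (perms, source, role, target, tclass))

SAMPLE_LOG = [
    _avc("search", "mysqld_db_t", "dir"),
    _avc("connectto", "mysqld_t", "unix_stream_socket", role="system_r"),
    _avc("write", "mysqld_var_run_t", "sock_file"),
    _avc("read getattr", "mysqld_db_t", "file"),             # beyond the three rules
    _avc("search", "mysqld_db_t", "dir", source="httpd_t"),  # other domain, ignored
]

if __name__ == "__main__":
    for label, rules in zip(("expected", "unexpected"), triage(SAMPLE_LOG)):
        print(label, sorted(rules))
```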
