rpms/pure-ftpd/FC-5 pure-ftpd.README.SELinux, NONE, 1.1 pure-ftpd.pureftpd.te, NONE, 1.1 pure-ftpd.init, 1.3, 1.4 pure-ftpd.spec, 1.8, 1.9
Aurelien Bompard (abompard)
fedora-extras-commits at redhat.com
Sun May 14 17:38:55 UTC 2006
Author: abompard
Update of /cvs/extras/rpms/pure-ftpd/FC-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6327/FC-5
Modified Files:
pure-ftpd.init pure-ftpd.spec
Added Files:
pure-ftpd.README.SELinux pure-ftpd.pureftpd.te
Log Message:
- add SELinux support
- prevent the init script from displaying the config on startup
--- NEW FILE pure-ftpd.README.SELinux ---
=============================
SELinux support for Pure-FTPd
=============================
With this package, Pure-FTPd is now protected in the same way VSFTPd and
ProFTPd are in Fedora.
Read Access
-----------
To allow files to be accessed by Pure-FTPd, you need either :
- to place them in /var/ftp
- to label them with the public_content_t. To do that, you can use::
chcon -t public_content_t file_to_publish
Write Access
------------
If you wish to grant write access, you have to use the public_content_rw_t
type, for example with this command::
chcon -t public_content_rw_t file_to_publish
and you have to turn on the allow_ftpd_anon_write boolean using
system-config-securitylevel, or using the following command::
setsebool -P allow_ftpd_anon_write 1
Access to home directories
--------------------------
If you want to publish files in a user's home directory, you have to turn
on the ftp_home_dir boolean, using system-config-securitylevel, or using
the following command::
setsebool -P ftp_home_dir 1
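Review bot: the chcon commands under Read Access and Write Access set labels that a filesystem relabel or a restorecon run will reset, so published content can lose public_content_t or public_content_rw_t without any change to the files themselves. Document the persistent form alongside them (a semanage fcontext rule for the path, followed by restorecon -R, where semanage is available) and mention chcon -R for directories, since file_to_publish will often be a tree.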
--- NEW FILE pure-ftpd.pureftpd.te ---
policy_module(pureftpd, 1.0)
require {
type ftpd_t;
};
# Read /var/run/utmp
init_read_utmp(ftpd_t)
init_dontaudit_write_utmp(ftpd_t)
### Allow connect to mysql
# Network connect
corenet_tcp_connect_mysqld_port(ftpd_t)
# Socket file connect
mysql_stream_connect(ftpd_t);
mysql_rw_db_sockets(ftpd_t)
### Allow connect to postgresql
# Network connect
corenet_tcp_connect_postgresql_port(ftpd_t)
# Socket file connect
postgresql_stream_connect(ftpd_t)
# Allow connect to ldap
sysnet_use_ldap(ftpd_t)
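Review bot: the rules from corenet_tcp_connect_mysqld_port(ftpd_t) down to sysnet_use_ldap(ftpd_t) are granted unconditionally to ftpd_t, the existing FTP domain this module only requires (the README says VSFTPd and ProFTPd are protected the same way), so loading the module lets that domain reach MySQL, PostgreSQL and LDAP whether or not any such backend is configured. Consider gating each backend behind its own boolean that defaults to off. Minor: mysql_stream_connect(ftpd_t); carries a trailing semicolon that the other interface calls do not have.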
Index: pure-ftpd.init
===================================================================
RCS file: /cvs/extras/rpms/pure-ftpd/FC-5/pure-ftpd.init,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- pure-ftpd.init 13 Nov 2005 17:41:27 -0000 1.3
+++ pure-ftpd.init 14 May 2006 17:38:54 -0000 1.4
@@ -30,7 +30,7 @@
start() {
echo -n $"Starting $prog: "
- daemon $pure_launch_script $pure_config --daemonize
+ daemon "$pure_launch_script $pure_config --daemonize > /dev/null"
RETVAL=$?
[ $RETVAL = 0 ] && touch /var/lock/subsys/pure-ftpd
echo
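Review bot: in start(), the new daemon line discards stdout only, so anything the launch script writes to stderr still reaches the console, and the redirection takes effect only because the whole command is now a single quoted string that daemon has to re-evaluate through a shell. Add a comment above the line saying the redirect is there to hide the configuration dump, and confirm that a startup failure is still reported somewhere: RETVAL is still checked, but any explanation printed on stdout is now lost.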
Index: pure-ftpd.spec
===================================================================
RCS file: /cvs/extras/rpms/pure-ftpd/FC-5/pure-ftpd.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- pure-ftpd.spec 9 Apr 2006 15:39:17 -0000 1.8
+++ pure-ftpd.spec 14 May 2006 17:38:54 -0000 1.9
@@ -1,6 +1,6 @@
Name: pure-ftpd
Version: 1.0.21
-Release: 3%{?dist}
+Release: 4%{?dist}
Summary: Lightweight, fast and secure FTP server
Group: System Environment/Daemons
@@ -12,6 +12,8 @@
Source3: pure-ftpd.xinetd
Source4: pure-ftpd.pure-ftpwho.pam
Source5: pure-ftpd.pure-ftpwho.consoleapp
+Source6: pure-ftpd.README.SELinux
+Source7: pure-ftpd.pureftpd.te
Patch0: pure-ftpd-1.0.21-config.patch
Patch1: pure-ftpd-1.0.20-libdir.patch
Provides: ftpserver
@@ -21,6 +23,7 @@
%{!?_without_mysql:BuildRequires: mysql-devel}
%{!?_without_pgsql:BuildRequires: postgresql-devel}
%{!?_without_tls:BuildRequires: openssl-devel}
+BuildRequires: selinux-policy
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts
@@ -45,10 +48,28 @@
--without tls disable SSL/TLS
+%package selinux
+Summary: SELinux support for Pure-FTPD
+Group: System Environment/Daemons
+Requires: %{name} = %{version}
+Requires(post): policycoreutils, initscripts, %{name}
+Requires(preun): policycoreutils, initscripts, %{name}
+Requires(postun): policycoreutils
+
+%description selinux
+This package adds SELinux enforcement to Pure-FTPD. Install it if you want
+Pure-FTPd to be protected in the same way other FTP servers are in Fedora
+(e.g. VSFTPd and ProFTPd)
+
+
+
%prep
%setup -q
%patch0 -p0 -b .config
%patch1 -p0 -b .libdir
+cp -p %{SOURCE6} README.SELinux
+mkdir selinux
+cp -p %{SOURCE7} selinux/pureftpd.te
%build
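Review bot: in %package selinux, Requires: %{name} = %{version} pins only the version, so a -selinux build can be installed next to a main package from a different release; use %{name} = %{version}-%{release}. The subpackage also carries no runtime Requires on selinux-policy, although the module is compiled against whatever policy is present at build time (BuildRequires: selinux-policy in the previous hunk).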
@@ -83,6 +104,7 @@
make %{?_smp_mflags}
+
%install
rm -rf $RPM_BUILD_ROOT
@@ -135,13 +157,22 @@
install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/security/console.apps/pure-ftpwho
ln -s consolehelper $RPM_BUILD_ROOT%{_bindir}/pure-ftpwho
+# SELinux support
+cd selinux
+echo "%{_sbindir}/pure-ftpd system_u:object_r:ftpd_exec_t:s0" > pureftpd.fc
+echo '%{_localstatedir}/log/pureftpd.log system_u:object_r:xferlog_t:s0' >> pureftpd.fc
+touch pureftpd.if
+make -f %{_datadir}/selinux/devel/Makefile
+install -p -m 644 -D pureftpd.pp $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/pureftpd.pp
+
+
%clean
rm -rf $RPM_BUILD_ROOT
%post
-if [ "$1" -le "1" ]; then
+if [ "$1" -le "1" ]; then # fist install
/sbin/chkconfig --add pure-ftpd
fi
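Review bot: the policy module is compiled with make inside %install; move the pureftpd.fc and pureftpd.if generation and the make call to %build, and keep only the install -D line here. In the two echo lines the file-context paths are regular expressions, so the dot in pureftpd.log should be escaped, and the contexts hardcode the :s0 level instead of using gen_context(), which ties the module to an MCS/MLS policy. The comment added to the %post line reads "fist install".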
@@ -151,12 +182,35 @@
/sbin/chkconfig --del pure-ftpd
fi
-%postun
+%postun
if [ "$1" -ge "1" ]; then
/sbin/service pure-ftpd condrestart > /dev/null 2>&1
fi
+%post selinux
+if [ "$1" -le "1" ]; then # Fist install
+ semodule -i %{_datadir}/selinux/packages/%{name}/pureftpd.pp 2>/dev/null || :
+ fixfiles -R pure-ftpd restore
+ /sbin/service pure-ftpd condrestart > /dev/null 2>&1
+fi
+
+%preun selinux
+if [ "$1" -lt "1" ]; then # Final removal
+ semodule -r pureftpd 2>/dev/null || :
+ fixfiles -R pure-ftpd restore
+ /sbin/service pure-ftpd condrestart > /dev/null 2>&1
+fi
+
+%postun selinux
+if [ "$1" -ge "1" ]; then # Upgrade
+ # Replaces the module if it is already loaded
+ semodule -i %{_datadir}/selinux/packages/%{name}/pureftpd.pp 2>/dev/null || :
+ # no need to restart the daemon
+fi
+
+
+
%files
%defattr(-, root, root, -)
%doc FAQ THANKS README.Authentication-Modules README.Virtual-Users README
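Review bot: in %post selinux, semodule -i runs only when $1 is at most 1, and its error output and exit status are discarded by 2>/dev/null || :, so a failed load leaves the package installed without the policy and nothing reports it; upgrades then depend on the outgoing package's %postun selinux to reload the module. Load the module unconditionally in %post and let at least the error text through. Also, the final service pure-ftpd condrestart in %post selinux and %preun selinux is not followed by || :, so a non-zero exit from it becomes the scriptlet's exit status, which in %preun can block removal.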
@@ -177,7 +231,17 @@
%dir /var/ftp/
+%files selinux
+%defattr(-, root, root, -)
+%doc README.SELinux
+%{_datadir}/selinux/packages/%{name}/pureftpd.pp
+
+
%changelog
+* Sun May 14 2006 Aurelien Bompard <gauret[AT]free.fr> 1.0.21-4
+- add SELinux support
+- prevent the init script from displaying the config on startup
+
* Sun Apr 09 2006 Aurelien Bompard <gauret[AT]free.fr> 1.0.21-3
- fix mysql socket location (bug 188426)
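Review bot: %files selinux lists pureftpd.pp but not its parent directory %{_datadir}/selinux/packages/%{name}, which the install -D call in %install creates, so that directory is left unowned; add a %dir entry for it.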