vsftpd using mysql
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 10 17:12:17 UTC 2009
Paul Howarth wrote:
> Daniel J Walsh wrote:
>> Paul Howarth wrote:
>>> Daniel J Walsh wrote:
>>>> Maria Iano wrote:
>>>>> My vsftpd server needs to talk to my mysql server, and is being denied.
>>>>> Before I use audit2allow to make special rules I wanted to ask whether
>>>>> there is a boolean out there that I am missing. Here is what audit2allow
>>>>> gives me:
>>>>>
>>>>> allow ftpd_t mysqld_db_t:dir search;
>>>>> allow ftpd_t mysqld_t:unix_stream_socket connectto;
>>>>> allow ftpd_t mysqld_var_run_t:sock_file write;
>>>>>
>>>>> I notice there is a boolean for httpd to talk to mysql, which makes me
>>>>> think there might be one for vsftpd. Does anyone know if such a one
>>>>> exists?
>>>>>
>>>>> Thanks,
>>>>> Maria
>>>>>
>>>> Why does ftpd talk to mysqld?
>>> To use a database backend for virtual users I'd guess.
>>>
>>> http://www.niraj.info/vsftpd-mysql
>>>
>>> Paul.
>> Learn something new every day...
>>
>> Miroslav, can you add the following snippets to F9 and F10 policy.
>>
>>
>> ## <desc>
>> ## <p>
>> ## Allow ftp servers to connect to mysql database
>> ## </p>
>> ## </desc>
>> gen_tunable(ftpd_connect_db, false)
>>
>> ## <desc>
>> ## <p>
>>
>> ....
>>
>> optional_policy(`
>> tunable_policy(`ftpd_connect_db',`
>> mysql_stream_connect(ftpd_t)
>> ')
>> ')
>
> It's not just vsftpd that can do this btw - proftpd supports postgresql
> and LDAP backends for this purpose.
>
> Paul.
Already can connect to ldap through auth_use_nsswitch.

optional_policy(`
	tunable_policy(`ftpd_connect_db',`
		mysql_stream_connect(ftpd_t)
	')
')

optional_policy(`
	tunable_policy(`ftpd_connect_db',`
		postgresql_stream_connect(ftpd_t)
	')
')

tunable_policy(`ftpd_connect_db',`
	corenet_tcp_connect_mysqld_port(ftpd_t)
	corenet_tcp_connect_postgresql_port(ftpd_t)
')

But these others should handle both local and remote databases.
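
An added example, not part of the thread or of the Fedora policy: a small Python script that merges AVC denials for ftpd_t into audit2allow-style rules and reports whether they point at a local Unix-socket connection (the case the *_stream_connect interfaces cover) or a TCP connection (the case the corenet_tcp_connect_* interfaces cover). The log lines, function names and kind labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the thread), shaped like the denials
# behind the audit2allow output above, plus one TCP denial for a remote database.
SAMPLE_LOG = """\
type=AVC msg=audit(1234280000.101:41): avc:  denied  { search } for  pid=2101 comm="vsftpd" name="mysql" dev=dm-0 ino=98 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=AVC msg=audit(1234280000.102:42): avc:  denied  { write } for  pid=2101 comm="vsftpd" name="mysql.sock" dev=dm-0 ino=99 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1234280000.103:43): avc:  denied  { connectto } for  pid=2101 comm="vsftpd" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1234280000.104:44): avc:  denied  { name_connect } for  pid=2101 comm="vsftpd" dest=3306 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""

# Pull permissions, source type, target type and object class out of one AVC line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def avc_to_rules(log_text, domain="ftpd_t"):
    """Merge denials for one source domain into audit2allow-style allow rules."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m and m["src"] == domain:
            perms[(m["tgt"], m["cls"])].update(m["perms"].split())
    rules = []
    for (tgt, cls), p in sorted(perms.items()):
        plist = " ".join(sorted(p))
        body = plist if len(p) == 1 else "{ " + plist + " }"
        rules.append(f"allow {domain} {tgt}:{cls} {body};")
    return rules

def connection_kinds(rules):
    """Report whether the rules show a local socket and/or a TCP connection."""
    kinds = set()
    for rule in rules:
        if ":unix_stream_socket" in rule and "connectto" in rule:
            kinds.add("local-unix-socket")
        if ":tcp_socket" in rule and "name_connect" in rule:
            kinds.add("remote-tcp")
    return kinds

if __name__ == "__main__":
    found = avc_to_rules(SAMPLE_LOG)
    print("\n".join(found), sorted(connection_kinds(found)), sep="\n")
```
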