# sesearch --allow -s ftpd_t -t mysqld_var_run_t -c sock_file -p write -C
Found 2 av rules:
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_var_run_t : sock_file { ioctl read write create getattr setattr lock append unlink link rename }; [ ftp_home_dir ]

# sesearch --allow -s ftpd_t -t mysqld_db_t -c dir -p search -C
Found 2 av rules:
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir }; [ allow_ftpd_full_access ]
DT allow ftpd_t mysqld_db_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir }; [ ftp_home_dir ]

So I can get

    allow ftpd_t mysqld_var_run_t:sock_file write;

and

    allow ftpd_t mysqld_db_t:dir search;

with booleans. The only one that I can't get that way is:

    allow ftpd_t mysqld_t:unix_stream_socket connectto;

Thanks!
Maria

On Feb 6, 2009, at 5:05 AM, Dominick Grift wrote:
> On Thursday 05-02-2009 at 18:57 [timezone -0500], Maria Iano wrote:
>> I notice there is a boolean for httpd to talk to mysql, which makes me
>> think there might be one for vsftpd. Does anyone know if such a one exists?
>
> There is no such boolean for ftpd_t yet I think. One can verify this using:
>
> sesearch --allow -s ftpd_t | grep mysql
>
> There is also a manual page for ftpd_t:
>
> man ftpd_selinux
>
> One can easily implement a boolean using the policy you've generated.
> You might consider reporting a feature request to bugzilla.redhat.com in
> the selinux-policy component
>
> hth, Dominick
>
>> Thanks,
>> Maria

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
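
Added example, not part of the thread and not code from the Fedora policy: one way to implement the boolean Dominick describes is a local policy module that places the three rules Maria lists under a conditional, so they can be switched on without enabling allow_ftpd_full_access. The module name local_ftpd_mysql and the boolean name ftpd_connect_mysql are hypothetical.

```selinux
# local_ftpd_mysql.te (hypothetical module name)
# Gates the three rules from the thread behind a single boolean,
# so nothing broader than these permissions is granted to ftpd_t.
module local_ftpd_mysql 1.0;

require {
    type ftpd_t;
    type mysqld_t;
    type mysqld_var_run_t;
    type mysqld_db_t;
    class unix_stream_socket connectto;
    class sock_file write;
    class dir search;
}

# Hypothetical boolean name; defaults to off so installing the
# module changes nothing until an administrator enables it.
bool ftpd_connect_mysql false;

if (ftpd_connect_mysql) {
    # Connect to the mysqld UNIX domain socket.
    allow ftpd_t mysqld_t:unix_stream_socket connectto;
    # Write to the socket file itself.
    allow ftpd_t mysqld_var_run_t:sock_file write;
    # Traverse the directory that holds the socket.
    allow ftpd_t mysqld_db_t:dir search;
}

# Build, install and enable (run as root):
#   checkmodule -M -m -o local_ftpd_mysql.mod local_ftpd_mysql.te
#   semodule_package -o local_ftpd_mysql.pp -m local_ftpd_mysql.mod
#   semodule -i local_ftpd_mysql.pp
#   setsebool -P ftpd_connect_mysql on
#
# Verify that the rules are conditional on the new boolean:
#   sesearch --allow -s ftpd_t -C | grep mysql
```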