proftpd and ftpdctl

Daniel J Walsh dwalsh at redhat.com
Fri Jun 9 01:23:37 UTC 2006


Paul Howarth wrote:
> The recent update of proftpd in Extras to 1.3.0 has introduced a new 
> feature, an "ftpdctl" program allowing some run-time control of the 
> FTP daemon, somewhat akin to rndc with named. This needs new policy. 
> Below is what's working for me:
You should submit this for acceptance in the upstream policy package.  
It will probably get rolled into the ftp policy package.

You should submit updates to
"Christopher J. PeBenito" <cpebenito at tresys.com>


>
> ===== proftpd.if =====
> ## <summary>FTP Daemon Control Program.</summary>
>
> ########################################
> ## <summary>
> ##      Execute the ftpdctl program in the ftpdctl domain.
> ## </summary>
> ## <param name="domain">
> ##      <summary>
> ##      Domain allowed access.
> ##      </summary>
> ## </param>
> #
> interface(`ftpdctl_domtrans',`
>         gen_require(`
>                 type ftpdctl_t, ftpdctl_exec_t;
>         ')
>
>         corecmd_search_bin($1)
>         domain_auto_trans($1, ftpdctl_exec_t, ftpdctl_t)
>
>         allow $1 ftpdctl_t:fd use;
>         allow ftpdctl_t $1:fd use;
>         allow ftpdctl_t $1:fifo_file rw_file_perms;
>         allow ftpdctl_t $1:process sigchld;
> ')
>
> ===== proftpd.fc =====
> /usr/bin/ftpdctl        --      gen_context(system_u:object_r:ftpdctl_exec_t,s0)
>
> ===== proftpd.te =====
> policy_module(proftpd, 0.4.0)
>
> ########################################
> #
> # Declarations
> #
>
> require {
>         type ftpd_t;
>         type ftpd_var_run_t;
>         type xferlog_t;
> };
>
> # run ftpdctl in its own domain
> type ftpdctl_t;
> type ftpdctl_exec_t;
> init_system_domain(ftpdctl_t,ftpdctl_exec_t)
> role system_r types ftpdctl_t;
>
> # ftpdctl control sockets have their own domain
> # When ftpdctl is run, it creates a socket in /tmp and then binds it
> # to the control socket for the running proftpd server, usually at
> # /var/run/proftpd/proftpd.sock
> type ftpdctl_tmp_t;
> files_tmp_file(ftpdctl_tmp_t)
>
> ########################################
> #
> # Local policy
> #
>
> # Temporary sockets created by ftpdctl are ftpdctl_tmp_t
> files_tmp_filetrans(ftpdctl_t, ftpdctl_tmp_t, { sock_file })
>
> # Fixed in selinux-policy 2.2.29-6
> #allow ftpd_t xferlog_t:dir { getattr search };
>
> # Allow proftpd to read the routing table
> allow ftpd_t self:netlink_route_socket { r_netlink_socket_perms };
>
> # Allow proftpd to create and use a control socket (/var/run/proftpd/proftpd.sock)
> allow ftpd_t self:unix_stream_socket listen;
> allow ftpd_t ftpd_var_run_t:sock_file { create setattr unlink };
>
> # Allow proftpd to remove temporary communications sockets created by ftpdctl
> allow ftpd_t ftpdctl_tmp_t:sock_file { getattr unlink };
>
> # Transition to ftpdctl_t from unconfined_t
> ftpdctl_domtrans(unconfined_t)
> libs_use_ld_so(ftpdctl_t)
> libs_use_shared_libs(ftpdctl_t)
> term_use_generic_ptys(ftpdctl_t)
>
> # Allow ftpdctl to read config files
> files_read_etc_files(ftpdctl_t)
>
> # Allow ftpdctl to create and use temporary sockets
> allow ftpdctl_t ftpdctl_tmp_t:sock_file { create setattr };
>
> # Allow ftpdctl to talk to ftpd over a socket connection
> allow ftpdctl_t ftpd_t:unix_stream_socket connectto;
> allow ftpdctl_t ftpd_var_run_t:dir search;
> allow ftpdctl_t ftpd_var_run_t:sock_file write;
>
> Paul.
>
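A small allow-rule review helper, added here as an example and not part of this thread or of the proftpd policy itself: it parses the `allow` rules of a .te file (resolving `self` to the source type and splitting `{ ... }` permission sets) and flags any source domain that reaches a target type outside a per-domain allow-list, which is the check a reviewer wants before loading a module that is entered from unconfined_t. The sample .te text, the `EXPECTED` allow-list and the extra `shadow_t` rule are constructed for the demonstration; that last rule is hypothetical and exists only to be flagged.

```python
import re

# Constructed sample: the allow rules from the proftpd.te quoted above, plus
# one hypothetical rule (the shadow_t line) that find_unexpected() should flag.
SAMPLE_TE = """\
# Fixed in selinux-policy 2.2.29-6
#allow ftpd_t xferlog_t:dir { getattr search };
allow ftpd_t self:netlink_route_socket { r_netlink_socket_perms };
allow ftpd_t self:unix_stream_socket listen;
allow ftpd_t ftpd_var_run_t:sock_file { create setattr unlink };
allow ftpd_t ftpdctl_tmp_t:sock_file { getattr unlink };
allow ftpdctl_t ftpdctl_tmp_t:sock_file { create setattr };
allow ftpdctl_t ftpd_t:unix_stream_socket connectto;
allow ftpdctl_t ftpd_var_run_t:dir search;
allow ftpdctl_t ftpd_var_run_t:sock_file write;
allow ftpdctl_t shadow_t:file read;
"""

# Hypothetical review allow-list: which target types each source domain may touch.
EXPECTED = {
    "ftpd_t": {"ftpd_t", "ftpd_var_run_t", "ftpdctl_tmp_t"},
    "ftpdctl_t": {"ftpdctl_tmp_t", "ftpd_t", "ftpd_var_run_t"},
}

# allow <source> <target>:<class> <perm | { perm ... }> ;
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;", re.MULTILINE)


def parse_allow_rules(text):
    """Return (source, target, class, frozenset(perms)) for every allow rule.
    Lines starting with '#' never match; 'self' resolves to the source type."""
    rules = []
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        tgt = src if tgt == "self" else tgt
        rules.append((src, tgt, cls, frozenset(perms.strip("{} ").split())))
    return rules


def find_unexpected(rules, expected):
    """Rules whose source reaches a target type outside its allow-list
    (a source domain missing from the allow-list has every rule flagged)."""
    return [r for r in rules if r[1] not in expected.get(r[0], set())]


def targets_by_source(rules):
    """Summarise which (target, class) pairs each source domain may touch."""
    out = {}
    for src, tgt, cls, _ in rules:
        out.setdefault(src, set()).add((tgt, cls))
    return out


if __name__ == "__main__":
    rules = parse_allow_rules(SAMPLE_TE)
    for src, pairs in sorted(targets_by_source(rules).items()):
        print(src, "->", sorted(pairs))
    for src, tgt, cls, perms in find_unexpected(rules, EXPECTED):
        print("UNEXPECTED:", src, tgt, cls, sorted(perms))
```

Run it against a real module with `parse_allow_rules(open("proftpd.te").read())`; interface calls such as `files_read_etc_files(ftpdctl_t)` expand to further rules and are not covered by this rule-level check.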
