From 09c56f549691c4d68bf103c86a60e5b12e9c27d8 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 28 Feb 2007 17:01:47 +0000
Subject: [PATCH] Patch for kerberized ftp and other ftp fixes from Dan Walsh.

---
 Changelog                      | 1 +
 policy/modules/services/ftp.te | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Changelog b/Changelog
index c14a0d10..10e0d51d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Patch for kerberized ftp and other ftp fixes from Dan Walsh.
 - Patch for an additional wine executable from Dan Walsh.
 - Patch for additional games file contexts from Dan Walsh.
 - Add support for libselinux 2.0.5 init_selinuxmnt() changes.
diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te
index c4a5d18b..89236359 100644
--- a/policy/modules/services/ftp.te
+++ b/policy/modules/services/ftp.te
@@ -1,5 +1,5 @@
 
-policy_module(ftp,1.4.1)
+policy_module(ftp,1.4.2)
 
 ########################################
 #
@@ -125,7 +125,7 @@ auth_domtrans_chk_passwd(ftpd_t)
 auth_append_login_records(ftpd_t)
 #kerberized ftp requires the following
 auth_write_login_records(ftpd_t)
-auth_append_faillog(ftpd_t)
+auth_rw_faillog(ftpd_t)
 
 init_use_fds(ftpd_t)
 init_use_script_ptys(ftpd_t)
@@ -235,6 +235,10 @@ optional_policy(`
 	daemontools_service_domain(ftpd_t, ftpd_exec_t)
 ')
 
+optional_policy(`
+	kerberos_read_keytab(ftpd_t)
+')
+
 optional_policy(`
 	#reh: typeattributes not allowed in conditionals yet.
 	#tunable_policy(`! ftpd_is_daemon',`