158 lines
3.3 KiB
Plaintext
158 lines
3.3 KiB
Plaintext
## <summary>File transfer protocol service</summary>
|
|
|
|
#######################################
|
|
## <summary>
|
|
## The per role template for the ftp module.
|
|
## </summary>
|
|
## <desc>
|
|
## <p>
|
|
## This template allows ftpd to manage files in
|
|
## a user home directory, creating files with the
|
|
## correct type.
|
|
## </p>
|
|
## <p>
|
|
## This template is invoked automatically for each user, and
|
|
## generally does not need to be invoked directly
|
|
## by policy writers.
|
|
## </p>
|
|
## </desc>
|
|
## <param name="userdomain_prefix">
|
|
## <summary>
|
|
## The prefix of the user domain (e.g., user
|
|
## is the prefix for user_t).
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`ftp_per_role_template',`
|
|
gen_require(`
|
|
type ftpd_t;
|
|
')
|
|
|
|
userdom_manage_user_home_content_files($1,ftpd_t)
|
|
userdom_manage_user_home_content_symlinks($1,ftpd_t)
|
|
userdom_manage_user_home_content_sockets($1,ftpd_t)
|
|
userdom_manage_user_home_content_pipes($1,ftpd_t)
|
|
userdom_user_home_dir_filetrans_user_home_content($1,ftpd_t,{ dir file lnk_file sock_file fifo_file })
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Use ftp by connecting over TCP. (Deprecated)
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ftp_tcp_connect',`
|
|
refpolicywarn(`$0($*) has been deprecated.')
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read ftpd etc files
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ftp_read_config',`
|
|
gen_require(`
|
|
type ftpd_etc_t;
|
|
')
|
|
|
|
files_search_etc($1)
|
|
allow $1 ftpd_etc_t:file { getattr read };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute FTP daemon entry point programs.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ftp_check_exec',`
|
|
gen_require(`
|
|
type ftpd_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
allow $1 ftpd_exec_t:file { getattr execute };
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read FTP transfer logs
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ftp_read_log',`
|
|
gen_require(`
|
|
type xferlog_t;
|
|
')
|
|
|
|
logging_search_logs($1)
|
|
allow $1 xferlog_t:file read_file_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute the ftpdctl program in the ftpdctl domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`ftp_domtrans_ftpdctl',`
|
|
gen_require(`
|
|
type ftpdctl_t, ftpdctl_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, ftpdctl_exec_t, ftpdctl_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute the ftpdctl program in the ftpdctl domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## The role to allow the ftpdctl domain.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="terminal">
|
|
## <summary>
|
|
## The type of the terminal allow the ftpdctl domain to use.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`ftp_run_ftpdctl',`
|
|
gen_require(`
|
|
type ftpdctl_t;
|
|
')
|
|
|
|
ftp_domtrans_ftpdctl($1)
|
|
role $2 types ftpdctl_t;
|
|
allow ftpdctl_t $3:chr_file rw_term_perms;
|
|
')
|