/usr/share/selinux/ubuntu/include/services/ftp.if is in selinux-policy-ubuntu-dev 0.2.20091117-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 | ## <summary>File transfer protocol service</summary>
########################################
## <summary>
## Use ftp by connecting over TCP. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ftp_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
## Read ftpd etc files
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ftp_read_config',`
gen_require(`
type ftpd_etc_t;
')
files_search_etc($1)
allow $1 ftpd_etc_t:file read_file_perms;
')
########################################
## <summary>
## Execute FTP daemon entry point programs.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ftp_check_exec',`
gen_require(`
type ftpd_exec_t;
')
corecmd_search_bin($1)
allow $1 ftpd_exec_t:file { getattr execute };
')
########################################
## <summary>
## Read FTP transfer logs
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ftp_read_log',`
gen_require(`
type xferlog_t;
')
logging_search_logs($1)
allow $1 xferlog_t:file read_file_perms;
')
########################################
## <summary>
## Execute the ftpdctl program in the ftpdctl domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ftp_domtrans_ftpdctl',`
gen_require(`
type ftpdctl_t, ftpdctl_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, ftpdctl_exec_t, ftpdctl_t)
')
########################################
## <summary>
## Execute the ftpdctl program in the ftpdctl domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to allow the ftpdctl domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`ftp_run_ftpdctl',`
gen_require(`
type ftpdctl_t;
')
ftp_domtrans_ftpdctl($1)
role $2 types ftpdctl_t;
')
########################################
## <summary>
## All of the rules required to administrate
## an ftp environment
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed to manage the ftp domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`ftp_admin',`
gen_require(`
type ftpd_t, ftpdctl_t, ftpd_tmp_t;
type ftpd_etc_t, ftpd_lock_t;
type ftpd_var_run_t, xferlog_t;
type ftpd_initrc_exec_t;
')
allow $1 ftpd_t:process { ptrace signal_perms };
ps_process_pattern($1, ftpd_t)
init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 ftpd_initrc_exec_t system_r;
allow $2 system_r;
ps_process_pattern($1, ftpdctl_t)
ftp_run_ftpdctl($1, $2)
miscfiles_manage_public_files($1)
files_list_tmp($1)
admin_pattern($1, ftpd_tmp_t)
files_list_etc($1)
admin_pattern($1, ftpd_etc_t)
files_list_var($1)
admin_pattern($1, ftpd_lock_t)
files_list_pids($1)
admin_pattern($1, ftpd_var_run_t)
logging_list_logs($1)
admin_pattern($1, xferlog_t)
')
|