From bea7b4548e53cda3e0d8ec3fb021f7418f49f05a Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Oct 31 2005 19:58:51 +0000
Subject: add missing tunable



---

diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index ccf9704..d63d86a 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -71,6 +71,10 @@ gen_tunable(httpd_can_network_connect,false)
 ## Allow httpd cgi support
 gen_tunable(httpd_enable_cgi,false)
 
+## Allow httpd to act as a FTP server by
+## listening on the ftp port.
+gen_tunable(httpd_enable_ftp_server,false)
+
 ## Allow httpd to read home directories
 gen_tunable(httpd_enable_homedirs,false)
 
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index ba0b385..03f5f29 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -344,6 +344,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
 	allow httpd_sys_script_t httpdcontent:file { rx_file_perms entrypoint };
 ')
 
+tunable_policy(`httpd_enable_ftp_server',`
+	corenet_tcp_bind_ftp_port(httpd_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_t)
 	fs_read_nfs_symlinks(httpd_t)