diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index ee9935c..c79aa8c 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -5,6 +5,7 @@
- Added policies:
anaconda
dmidecode
+ ftp
kudzu
radvd
diff --git a/refpolicy/policy/global_tunables b/refpolicy/policy/global_tunables
index 20affba..98573f3 100644
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@@ -16,6 +16,10 @@ gen_tunable(allow_execmod,false)
## Also requires allow_execmem.
gen_tunable(allow_execstack,false)
+## Allow ftp servers to modify public files
+## used for public file transfer services.
+gen_tunable(allow_ftpd_anon_write,false)
+
## Allow gpg executable stack
gen_tunable(allow_gpg_execstack,false)
diff --git a/refpolicy/policy/modules/services/ftp.fc b/refpolicy/policy/modules/services/ftp.fc
new file mode 100644
index 0000000..03057f3
--- /dev/null
+++ b/refpolicy/policy/modules/services/ftp.fc
@@ -0,0 +1,26 @@
+#
+# /etc
+#
+/etc/proftpd\.conf -- context_template(system_u:object_r:ftpd_etc_t,s0)
+/etc/cron\.monthly/proftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
+
+#
+# /usr
+#
+/usr/kerberos/sbin/ftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
+
+/usr/sbin/ftpwho -- context_template(system_u:object_r:ftpd_exec_t,s0)
+/usr/sbin/in\.ftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
+/usr/sbin/muddleftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
+/usr/sbin/proftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
+/usr/sbin/vsftpd -- context_template(system_u:object_r:ftpd_exec_t,s0)
+
+#
+# /var
+#
+/var/run/proftpd/proftpd-inetd -- context_template(system_u:object_r:ftpd_var_run_t,s0)
+/var/run/proftpd/proftpd\.scoreboard -- context_template(system_u:object_r:ftpd_var_run_t,s0)
+
+/var/log/muddleftpd\.log.* -- context_template(system_u:object_r:xferlog_t,s0)
+/var/log/xferlog.* -- context_template(system_u:object_r:xferlog_t,s0)
+/var/log/xferreport.* -- context_template(system_u:object_r:xferlog_t,s0)
diff --git a/refpolicy/policy/modules/services/ftp.if b/refpolicy/policy/modules/services/ftp.if
new file mode 100644
index 0000000..71042be
--- /dev/null
+++ b/refpolicy/policy/modules/services/ftp.if
@@ -0,0 +1,70 @@
+## File transfer protocol service
+
+########################################
+##
+## Use ftp by connecting over TCP.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`ftp_tcp_connect',`
+ gen_require(`
+ type ftpd_t;
+ ')
+
+ allow $1 ftpd_t:tcp_socket { connectto recvfrom };
+ allow ftpd_t $1:tcp_socket { acceptfrom recvfrom };
+ kernel_tcp_recvfrom($1)
+')
+
+########################################
+##
+## Read ftpd etc files
+##
+##
+## Domain allowed access.
+##
+#
+interface(`ftp_read_config',`
+ gen_require(`
+ type ftpd_etc_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 ftpd_etc_t:file { getattr read };
+')
+
+########################################
+##
+## Execute FTP daemon entry point programs.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`ftp_check_exec',`
+ gen_require(`
+ type ftpd_exec_t;
+ ')
+
+ corecmd_search_sbin($1)
+ allow $1 ftpd_exec_t:file x_file_perms;
+')
+
+########################################
+##
+## Read FTP transfer logs
+##
+##
+## Domain allowed access.
+##
+#
+interface(`ftp_read_log',`
+ gen_require(`
+ type xferlog_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 xferlog_t:file r_file_perms;
+')
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
new file mode 100644
index 0000000..e54b4ce
--- /dev/null
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -0,0 +1,199 @@
+
+policy_module(ftp,1.0)
+
+########################################
+#
+# Declarations
+#
+
+type ftpd_t;
+type ftpd_exec_t;
+init_daemon_domain(ftpd_t,ftpd_exec_t)
+
+type ftpd_etc_t;
+files_type(ftpd_etc_t)
+
+# ftpd_lock_t is only needed when ftpd_is_daemon is true, but we cannot define types conditionally
+type ftpd_lock_t;
+files_lock_file(ftpd_lock_t)
+
+type ftpd_tmp_t;
+files_tmp_file(ftpd_tmp_t)
+
+type ftpd_tmpfs_t;
+files_tmpfs_file(ftpd_tmpfs_t)
+
+type ftpd_var_run_t;
+files_pid_file(ftpd_var_run_t)
+
+type xferlog_t;
+logging_log_file(xferlog_t)
+
+########################################
+#
+# Local policy
+#
+
+allow ftpd_t self:capability { chown fowner fsetid setgid setuid sys_chroot sys_nice sys_resource };
+dontaudit ftpd_t self:capability sys_tty_config;
+allow ftpd_t self:process signal_perms;
+allow ftpd_t self:process { getcap setcap setsched setrlimit };
+allow ftpd_t self:fifo_file rw_file_perms;
+allow ftpd_t self:unix_dgram_socket { sendto create_socket_perms };
+allow ftpd_t self:unix_stream_socket create_socket_perms;
+allow ftpd_t self:tcp_socket create_stream_socket_perms;
+allow ftpd_t self:udp_socket create_socket_perms;
+
+allow ftpd_t ftpd_etc_t:file { getattr read };
+
+allow ftpd_t ftpd_tmp_t:dir create_dir_perms;
+allow ftpd_t ftpd_tmp_t:file create_file_perms;
+files_create_tmp_files(ftpd_t, ftpd_tmp_t, { file dir })
+
+allow ftpd_t ftpd_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
+allow ftpd_t ftpd_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
+allow ftpd_t ftpd_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
+allow ftpd_t ftpd_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
+allow ftpd_t ftpd_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
+fs_create_tmpfs_data(ftpd_t,ftpd_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
+
+# Create and modify /var/log/xferlog.
+allow ftpd_t xferlog_t:file create_file_perms;
+logging_create_log(ftpd_t,xferlog_t)
+
+kernel_read_kernel_sysctl(ftpd_t)
+kernel_read_system_state(ftpd_t)
+
+dev_read_sysfs(ftpd_t)
+dev_read_urand(ftpd_t)
+
+fs_search_auto_mountpoints(ftpd_t)
+fs_getattr_all_fs(ftpd_t)
+
+corenet_tcp_sendrecv_all_if(ftpd_t)
+corenet_udp_sendrecv_all_if(ftpd_t)
+corenet_raw_sendrecv_all_if(ftpd_t)
+corenet_tcp_sendrecv_all_nodes(ftpd_t)
+corenet_udp_sendrecv_all_nodes(ftpd_t)
+corenet_raw_sendrecv_all_nodes(ftpd_t)
+corenet_tcp_sendrecv_all_ports(ftpd_t)
+corenet_udp_sendrecv_all_ports(ftpd_t)
+corenet_tcp_bind_all_nodes(ftpd_t)
+corenet_udp_bind_all_nodes(ftpd_t)
+corenet_tcp_bind_ftp_data_port(ftpd_t)
+corenet_tcp_bind_generic_port(ftpd_t)
+corenet_tcp_connect_all_ports(ftpd_t)
+
+term_dontaudit_use_console(ftpd_t)
+
+# Append to /var/log/wtmp.
+auth_append_login_records(ftpd_t)
+#kerberized ftp requires the following
+auth_write_login_records(ftpd_t)
+
+corecmd_exec_bin(ftpd_t)
+# Execute /bin/ls (can comment this out for proftpd)
+# also may need rules to allow tar etc...
+corecmd_exec_ls(ftpd_t)
+
+domain_use_wide_inherit_fd(ftpd_t)
+
+files_search_etc(ftpd_t)
+files_read_etc_files(ftpd_t)
+files_read_etc_runtime_files(ftpd_t)
+
+init_use_fd(ftpd_t)
+init_use_script_pty(ftpd_t)
+
+libs_use_ld_so(ftpd_t)
+libs_use_shared_libs(ftpd_t)
+
+logging_send_syslog_msg(ftpd_t)
+
+miscfiles_read_localization(ftpd_t)
+miscfiles_read_public_files(ftpd_t)
+
+seutil_dontaudit_search_config(ftpd_t)
+
+sysnet_read_config(ftpd_t)
+
+userdom_dontaudit_search_sysadm_home_dir(ftpd_t)
+userdom_dontaudit_use_unpriv_user_fd(ftpd_t)
+
+ifdef(`targeted_policy',`
+ files_dontaudit_read_root_file(ftpd_t)
+
+ term_dontaudit_use_generic_pty(ftpd_t)
+ term_dontaudit_use_unallocated_tty(ftpd_t)
+')
+
+tunable_policy(`allow_ftpd_anon_write',`
+ miscfiles_manage_public_files(ftpd_t)
+')
+
+tunable_policy(`ftp_home_dir',`
+ # allow access to /home
+ files_getattr_home_dir(ftpd_t)
+ userdom_read_all_user_files(ftpd_t)
+ userdom_manage_all_user_dirs(ftpd_t)
+ userdom_manage_all_user_files(ftpd_t)
+ userdom_manage_all_user_symlinks(ftpd_t)
+')
+
+tunable_policy(`ftpd_is_daemon',`
+ allow ftpd_t ftpd_lock_t:file create_file_perms;
+ files_create_lock(ftpd_t,ftpd_lock_t)
+
+ corenet_tcp_bind_ftp_port(ftpd_t)
+')
+
+tunable_policy(`use_nfs_home_dirs && ftp_home_dir',`
+ fs_read_nfs_files(ftpd_t)
+ fs_read_nfs_symlinks(ftpd_t)
+')
+
+tunable_policy(`use_samba_home_dirs && ftp_home_dir',`
+ fs_read_cifs_files(ftpd_t)
+ fs_read_cifs_symlinks(ftpd_t)
+')
+
+optional_policy(`crond.te', `
+ corecmd_exec_shell(ftpd_t)
+
+ files_read_usr_file(ftpd_t)
+
+ cron_system_entry(ftpd_t, ftpd_exec_t)
+
+ optional_policy(`logrotate.te',`
+ logrotate_exec(ftpd_t)
+ ')
+')
+
+optional_policy(`inetd.te',`
+ if (!ftpd_is_daemon) {
+ #reh: typeattributes not allowed in conditionals yet.
+ #inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
+
+ optional_policy(`tcpd.te',`
+ tcpd_domtrans(tcpd_t)
+ ')
+ }
+')
+
+optional_policy(`mount.te',`
+ mount_send_nfs_client_request(ftpd_t)
+')
+
+optional_policy(`selinuxutil.te',`
+ seutil_sigchld_newrole(ftpd_t)
+')
+
+optional_policy(`udev.te', `
+ udev_read_db(ftpd_t)
+')
+
+ifdef(`TODO',`
+optional_policy(`rhgb.te',`
+ rhgb_domain(ftpd_t)
+')
+')
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 25db7d4..7b439f4 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -209,6 +209,13 @@ tunable_policy(`run_ssh_inetd',`
corenet_tcp_bind_ssh_port(inetd_t)
')
+optional_policy(`ftp.te',`
+ tunable_policy(`ftpd_is_daemon',`
+ # Allows it to check exec privs on daemon
+ ftp_check_exec(inetd_t)
+ ')
+')
+
optional_policy(`kerberos.te',`
kerberos_use(inetd_child_t)
')
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index 5afaeea..c0c5095 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -734,6 +734,38 @@ interface(`auth_dontaudit_write_login_records',`
')
#######################################
+##
+## Append to login records (wtmp).
+##
+##
+## Domain allowed access.
+##
+#
+interface(`auth_append_login_records',`
+ gen_require(`
+ type wtmp_t;
+ ')
+
+ allow $1 wtmp_t:file { getattr append };
+')
+
+#######################################
+##
+## Write to login records (wtmp).
+##
+##
+## Domain allowed access.
+##
+#
+interface(`auth_write_login_records',`
+ gen_require(`
+ type wtmp_t;
+ ')
+
+ allow $1 wtmp_t:file { write lock };
+')
+
+#######################################
#
# auth_rw_login_records(domain)
#
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index b9b6fc6..33f7bb8 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -557,6 +557,23 @@ interface(`init_udp_sendto_script',`
########################################
##
+## Allow the specified domain to connect to
+## init scripts with a unix socket.
+##
+##
+## Domain allowed access.
+##
+#
+interface(`init_unix_connect_script',`
+ gen_require(`
+ type initrc_t;
+ ')
+
+ allow $1 initrc_t:unix_stream_socket connectto;
+')
+
+########################################
+##
## Read and write the init script pty.
##
##
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 758f23a..55a87ef 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -313,6 +313,12 @@ template(`base_user_template',`
dictd_use($1_t)
')
+ optional_policy(`ftp.te',`
+ tunable_policy(`ftpd_is_daemon',`
+ ftp_tcp_connect($1_t)
+ ')
+ ')
+
optional_policy(`inetd.te',`
inetd_tcp_connect($1_t)
')
@@ -1847,6 +1853,62 @@ interface(`userdom_read_all_user_files',`
########################################
##
+## Create, read, write, and delete all directories
+## in all users home directories.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`userdom_manage_all_user_dirs',`
+ gen_require(`
+ attribute home_type;
+ ')
+
+ files_list_home($1)
+ allow $1 home_type:dir create_dir_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete all files
+## in all users home directories.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`userdom_manage_all_user_files',`
+ gen_require(`
+ attribute home_type;
+ ')
+
+ files_list_home($1)
+ allow $1 home_type:dir rw_dir_perms;
+ allow $1 home_type:file create_file_perms;
+')
+
+########################################
+##
+## Create, read, write, and delete all symlinks
+## in all users home directories.
+##
+##
+## The type of the process performing this action.
+##
+#
+interface(`userdom_manage_all_user_symlinks',`
+ gen_require(`
+ attribute home_type;
+ ')
+
+ files_list_home($1)
+ allow $1 home_type:dir rw_dir_perms;
+ allow $1 home_type:lnk_file create_lnk_perms;
+')
+
+########################################
+##
## Send general signals to unprivileged user domains.
##
##