dbfdg <!--w1suD5cF-->
3
nmŠa/  ã               @   sD   d dl Z e jdddZej Zd dlT d dlmZ G dd„ deƒZdS )	é    Nzsetroubleshoot-pluginsT)Zfallback)Ú*)ÚPluginc               @   sX   e Zd ZedƒZedƒZedƒZdZedƒZdZ	edƒZ
edƒZdZd	d
„ Zdd„ ZdS )ÚpluginzY
    SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem.
    aU  
    SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem.
    NFS (Network Filesystem) is a network filesystem commonly used on Unix / Linux
    systems.

    The ftp daemon attempted to read one or more files or directories from
    a mounted filesystem of this type.  As NFS filesystems do not support
    fine-grained SELinux labeling, all files and directories in the
    filesystem will have the same security context.

    If you have not configured the ftp daemon to read files from a NFS filesystem
    this access attempt could signal an intrusion attempt.
    z|
    Changing the "allow_ftpd_use_nfs" boolean to true will allow this access:
    "setsebool -P allow_ftpd_use_nfs=1."
    z7/usr/sbin/setsebool -P ftpd_use_nfs=1 ftpd_anon_write=1a™   Changing the "allow_ftpd_use_nfs" and
    "ftpd_anon_write" booleans to true will allow this access:
    "setsebool -P allow_ftpd_use_nfs=1 ftpd_anon_write=1".
    warning: setting the "ftpd_anon_write" boolean to true will
    allow the ftp daemon to write to all public content (files and
    directories with type public_content_t) in addition to writing to
    files and directories on NFS filesystems.  z6If you want to allow ftpd to write to nfs file systemsz you must tell SELinux about thisz/# setsebool -P ftpd_use_nfs=1 ftpd_anon_write=1c             C   s    t j| tƒ d| _tdƒ| _d S )NTzEnable booleans.)r   Ú__init__Ú__name__ZfixableÚ_Zbutton_text)Úself© r	   ú7/usr/share/setroubleshoot/plugins/allow_ftpd_use_nfs.pyr   D   s    zplugin.__init__c             C   sH   |j dgƒrD|jdgƒrD|jddgƒrD|j|j|j ƒrD| jddS d S )	NZftpd_tZnfs_tÚfileÚdirÚftpd_use_nfsÚftpd_anon_write)Úargs)r   r   )Zmatches_source_typesZmatches_target_typesZhas_tclass_inZall_accesses_are_inZcreate_file_permsZrw_dir_permsZreport)r   Zavcr	   r	   r
   ÚanalyzeI   s    zplugin.analyzeN)r   Ú
__module__Ú__qualname__r   ZsummaryZproblem_descriptionZfix_descriptionZfix_cmdZrw_fix_descriptionZ
rw_fix_cmdZif_textZ	then_textZdo_textr   r   r	   r	   r	   r
   r      s   r   )ÚgettextZtranslationr   Zsetroubleshoot.utilZsetroubleshoot.Pluginr   r   r	   r	   r	   r
   Ú<module>   s
   