add missing tunable

refpolicy/policy/global_tunables

@@ -71,6 +71,10 @@ gen_tunable(httpd_can_network_connect,false)
 ## Allow httpd cgi support
 gen_tunable(httpd_enable_cgi,false)
 
+## Allow httpd to act as a FTP server by
+## listening on the ftp port.
+gen_tunable(httpd_enable_ftp_server,false)
+
 ## Allow httpd to read home directories
 gen_tunable(httpd_enable_homedirs,false)
 

refpolicy/policy/modules/services/apache.te

@@ -344,6 +344,10 @@ tunable_policy(`httpd_enable_cgi && httpd_unified && httpd_builtin_scripting',`
 	allow httpd_sys_script_t httpdcontent:file { rx_file_perms entrypoint };
 ')
 
+tunable_policy(`httpd_enable_ftp_server',`
+	corenet_tcp_bind_ftp_port(httpd_t)
+')
+
 tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
 	fs_read_nfs_files(httpd_t)
 	fs_read_nfs_symlinks(httpd_t)