Allowing vsftpd access for user's home directory

Paul Howarth paul at city-fan.org
Thu May 11 06:52:59 UTC 2006


On Thu, 2006-05-11 at 14:32 +0800, Ketut Mahaindra wrote:
> Hello,
> 
> I tried your suggestion in conjunction with the FC5 SELinux FAQ:
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2958106
> 
> So, I did the following
> # audit2allow -m local -l -i /var/log/audit/audit.log
> 
> Which gives me something like:
> 
> module local 1.0;
> require {
>         class capability { dac_override dac_read_search };
> 
>         type ftpd_t;
> };
> allow ftpd_t self:capability { dac_override dac_read_search };
> 
> So, naturally I want it to be inside a file for compilation.
> Then I did:
> 
> # audit2allow -m local -l -i /var/log/audit/audit.log > local.te
> # checkmodule -M -m -o local.mod local.te
> # semodule_package -o local.pp -m local.mod
> # semodule -i local.pp
> 
> But, on that last step I get an error message "semodule:  Could not read
> file 'local.pp':"
> It's strange, because the file local.pp is created normally by the
> semodule_package command.
> 
> Did I miss anything?

Try this:

Move the files you've used for this process (the .te/.pp files etc.) to
a new, empty directory (I used /root/selinux.local) and change to that
directory. Then do:

# chcon -Rh -t usr_t .

Then try the semanage command again.

Paul.
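
The build steps from the quoted message, followed by the relabel suggested in the reply, collected into one script. This is an added example, not code from either poster. The function names and the DRY_RUN switch are assumptions of this sketch; it is meant to be run as root on a host with the SELinux policy tools installed.

```shell
#!/bin/sh
# Added example, not from the thread. DRY_RUN, run, need_file and
# build_local_module are names made up for this sketch.

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Fail unless the file exists and is non-empty (skipped in dry-run mode).
need_file() {
    [ "${DRY_RUN:-0}" = 1 ] && return 0
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
}

# build_local_module MODULE WORKDIR AUDIT_LOG
build_local_module() {
    module=$1; workdir=$2; audit_log=$3
    te=$workdir/$module.te; mod=$workdir/$module.mod; pp=$workdir/$module.pp

    run mkdir -p "$workdir" || return 1

    # Generate the type enforcement source from the logged denials.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ audit2allow -m $module -l -i $audit_log > $te"
    else
        audit2allow -m "$module" -l -i "$audit_log" > "$te" || return 1
    fi
    need_file "$te" || return 1

    # Compile and package the module.
    run checkmodule -M -m -o "$mod" "$te" || return 1
    run semodule_package -o "$pp" -m "$mod" || return 1
    need_file "$pp" || return 1

    # Relabel the build directory as suggested in the reply, show the
    # resulting contexts, then install the package.
    run chcon -Rh -t usr_t "$workdir" || return 1
    run ls -Z "$workdir" || return 1
    run semodule -i "$pp"
}

# Usage (as root):
#   build_local_module local /root/selinux.local /var/log/audit/audit.log
```

Setting DRY_RUN=1 prints the commands in order without executing them, which lets the generated local.te be reviewed before anything is installed.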
