allowing tftpd to make pxe functional
Christopher J. PeBenito
cpebenito at tresys.com
Thu May 24 18:17:21 UTC 2007
On Thu, 2007-05-24 at 11:43 -0400, eric wrote:
> Chuck Anderson wrote:
> > On Wed, May 09, 2007 at 03:38:16PM -0400, eric magaoay wrote:
> >
> >> Summary
> >> SELinux is preventing /usr/sbin/in.tftpd (tftpd_t) "search" to /
> >> (rsync_data_t).
> >> Source Context user_u:system_r:tftpd_t
> >> Target Context system_u:object_r:rsync_data_t
> >> Target Objects / [ dir ]
> >>
> >
> > I believe your / is labelled incorrectly. Mine is:
> >
> > system_u:object_r:root_t
>
> I have 2 questions:
> 1. Is there a justification for using root_t instead of tftpd_t?

root_t specifically exists to label the / directory of the system, not
the root of the directory you are exporting over tftp. It's not specific
to the tftp policy. If you change the type of / to something other than
root_t, then many things can go wrong, since all domains should be able
to at least search /.

> 2. Does "search" to "/" mean searching for the absolute root directory or
> the root directory of tftp defined in xinetd, which is "/a" in my case?

It means the real root directory.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the fedora-selinux-list mailing list
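
The triage described in this thread, as an added example that is not part of the original messages: it parses the alert summary quoted above and flags the case where the denied object is the real / carrying a type other than root_t. The function names and the result labels ("relabel-root", "review-policy") are hypothetical, chosen for illustration.

```python
import re

# Alert text quoted in the thread above, with the "> " quote markers stripped.
ALERT = """\
Summary
SELinux is preventing /usr/sbin/in.tftpd (tftpd_t) "search" to /
(rsync_data_t).
Source Context user_u:system_r:tftpd_t
Target Context system_u:object_r:rsync_data_t
Target Objects / [ dir ]
"""

ROOT_TYPE = "root_t"  # the type the reply says belongs on the real /


def context_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]


def parse_alert(text):
    """Extract the context and object fields from an alert summary."""
    fields = {}
    for key in ("Source Context", "Target Context", "Target Objects"):
        match = re.search(rf"^{key}\s+(\S.*)$", text, re.MULTILINE)
        if match is None:
            raise ValueError(f"alert is missing {key!r}")
        fields[key] = match.group(1).strip()
    return fields


def triage(text):
    """Classify a denial as a mislabelled / or as something needing review."""
    fields = parse_alert(text)
    path = fields["Target Objects"].split()[0]  # "/ [ dir ]" -> "/"
    source = context_type(fields["Source Context"])
    target = context_type(fields["Target Context"])
    if path == "/" and target != ROOT_TYPE:
        # Fix the label on / (e.g. restorecon -v /) instead of adding an
        # allow rule for this one domain: every domain needs search on /.
        return ("relabel-root", source, target)
    return ("review-policy", source, target)


if __name__ == "__main__":
    print(triage(ALERT))
```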