thr3ads.net - CentOS - [CentOS] (no subject) [Nov 2013]

If this information is useful, please help other people find it:
Share via:

Andrew Holway

2013-Nov-16 21:46 UTC

[CentOS] (no subject)

[root at ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot                                          directory
system_u:object_r:tftpdir_t:s0
/tftpboot/.*                                       all files
system_u:object_r:tftpdir_t:s0
/usr/sbin/atftpd                                   regular file
system_u:object_r:tftpd_exec_t:s0
/usr/sbin/in\.tftpd                                regular file
system_u:object_r:tftpd_exec_t:s0
/var/lib/tftpboot(/.*)?                            all files
system_u:object_r:tftpdir_rw_t:s0
/var/lib/tftpboot/etc(/.*)?                        all files
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/grub(/.*)?                       all files
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/images(/.*)?                     all files
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/memdisk                          regular file
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/menu\.c32                        regular file
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/ppc(/.*)?                        all files
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/pxelinux\.0                      regular file
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/pxelinux\.cfg(/.*)?              all files
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/s390x(/.*)?                      all files
system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/yaboot                           regular file
system_u:object_r:cobbler_var_lib_t:s0

Could someone tell me why:

/var/lib/tftpboot(/.*)? - is using (/.*)?

/tftpboot/.* - is using .*

Thanks,

Andrew

Tris Hoar

2013-Nov-18 13:20 UTC

head link

[CentOS] Selinux TFTP question [was: (no subject)]

On 16/11/2013 21:46, Andrew Holway wrote:> [root at ipa tftpboot]# semanage fcontext -l | grep tftp
> /tftpboot                                          directory
> system_u:object_r:tftpdir_t:s0
> /tftpboot/.*                                       all files
> system_u:object_r:tftpdir_t:s0
> /usr/sbin/atftpd                                   regular file
> system_u:object_r:tftpd_exec_t:s0
> /usr/sbin/in\.tftpd                                regular file
> system_u:object_r:tftpd_exec_t:s0
> /var/lib/tftpboot(/.*)?                            all files
> system_u:object_r:tftpdir_rw_t:s0
> /var/lib/tftpboot/etc(/.*)?                        all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/grub(/.*)?                       all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/images(/.*)?                     all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/memdisk                          regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/menu\.c32                        regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/ppc(/.*)?                        all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/pxelinux\.0                      regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/pxelinux\.cfg(/.*)?              all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/s390x(/.*)?                      all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/yaboot                           regular file
> system_u:object_r:cobbler_var_lib_t:s0
>
> Could someone tell me why:
>
> /var/lib/tftpboot(/.*)? - is using (/.*)?
This covers /var/lib/tftpboot and all files under it and gives them the 
label tftpdir_rw_t
>
> /tftpboot/.* - is using .*
This covers all files under /tftpboot/ giving them the label tftpdir_t. 
There is a separate entry for the directory:
/tftpboot                                          directory 
system_u:object_r:tftpdir_t:s0
As to why the difference I've no idea as looking at other root dirs with 
semanage fcontext -l I can see most of them use (/.*)? which makes sense.
>
> Thanks,
>
> Andrew
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
Regards,

Tris

*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify postmaster at bgfl.org

The views expressed within this email are those of the 
individual, and not necessarily those of the organisation
*************************************************************

Seemingly Similar Threads

Search for more maybe matching threads

CentOS - Nov 2013 - (no subject)

[CentOS] (no subject)

[CentOS] Selinux TFTP question [was: (no subject)]

Seemingly Similar Threads