search for: tftpdir_rw_t

????????? ???????? ????? 2016-07-05 19:58: >> I need to have the tftpdir_rw_t and samba_share_t SELinux context >> on >> the same directory. >> >> How can we do this? Is it feasible to have more than one SELinux >> context? > > I don't think it's possible/feasible. > You'd probably need to add a new type and necessary...

..._rw_and_samba_share_t) to label the files in your shared directory and defined necessary rules to allow access to these files by processes running in certain confined domains. These new rules would most likely include a subset of rules already defined in the default policy for samba_share_t and tftpdir_rw_t types. I've never added a new type myself and cannot really elaborate any further on the subject. An easier approach would be to add missing access rules for already existing file type (either samba_share_t or tftpdir_rw_t). BTW have you really tried to access files labelled with tftpdir_...

Hello, I need to have the tftpdir_rw_t and samba_share_t SELinux context on the same directory. How can we do this? Is it feasible to have more than one SELinux context? Thanks, Bernard

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then the tftp clients are unable to push files. # getenforce Enforcing [root at CTSFILESRV01 depot]# ls -ldZ tftp/ drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/ I would then to either...

...he case, I did not know about it.... like many things in the SELinux world. It is so complex and so badly documented. :-( On Tue, Jul 5, 2016 at 1:24 PM, ????????? ???????? <nevis2us at infoline.su> wrote: > ????????? ???????? ????? 2016-07-05 19:58: > >> I need to have the tftpdir_rw_t and samba_share_t SELinux context on >>> the same directory. >>> >>> How can we do this? Is it feasible to have more than one SELinux context? >>> >> >> I don't think it's possible/feasible. >> You'd probably need to add a new typ...

..._u:object_r:tftpdir_t:s0 /usr/sbin/atftpd regular file system_u:object_r:tftpd_exec_t:s0 /usr/sbin/in\.tftpd regular file system_u:object_r:tftpd_exec_t:s0 /var/lib/tftpboot(/.*)? all files system_u:object_r:tftpdir_rw_t:s0 /var/lib/tftpboot/etc(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/grub(/.*)? all files system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/images(/.*)? all files system_u:object_r:cobbler_var_lib_t...

> I need to have the tftpdir_rw_t and samba_share_t SELinux context > on > the same directory. > > How can we do this? Is it feasible to have more than one SELinux > context? I don't think it's possible/feasible. You'd probably need to add a new type and necessary rules to your local policy. Or ad...

...p from a tftp client but unable to do it from a > Windows client as long as SELinux is enforced. If SELinux is permissive I > can access it then I know Samba is properly configured. > > # getenforce > Enforcing > # ls -dZ /depot/tftp/ > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ > > > And if I do it the other way around, give the directory a type > samba_share_t then the tftp clients are unable to push files. > > # getenforce > Enforcing > [root at CTSFILESRV01 depot]# ls -ldZ tftp/ > drwxrwxrwx. root root system_u:object_r:sam...

...t from a > > Windows client as long as SELinux is enforced. If SELinux is permissive > I > > can access it then I know Samba is properly configured. > > > > # getenforce > > Enforcing > > # ls -dZ /depot/tftp/ > > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ > > > > > > And if I do it the other way around, give the directory a type > > samba_share_t then the tftp clients are unable to push files. > > > > # getenforce > > Enforcing > > [root at CTSFILESRV01 depot]# ls -ldZ tftp/ > > d...