Re: Selinux TFTP question [was: (no subject)]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 16/11/2013 21:46, Andrew Holway wrote:
> [root@ipa tftpboot]# semanage fcontext -l | grep tftp
> /tftpboot                                          directory
> system_u:object_r:tftpdir_t:s0
> /tftpboot/.*                                       all files
> system_u:object_r:tftpdir_t:s0
> /usr/sbin/atftpd                                   regular file
> system_u:object_r:tftpd_exec_t:s0
> /usr/sbin/in\.tftpd                                regular file
> system_u:object_r:tftpd_exec_t:s0
> /var/lib/tftpboot(/.*)?                            all files
> system_u:object_r:tftpdir_rw_t:s0
> /var/lib/tftpboot/etc(/.*)?                        all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/grub(/.*)?                       all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/images(/.*)?                     all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/memdisk                          regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/menu\.c32                        regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/ppc(/.*)?                        all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/pxelinux\.0                      regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/pxelinux\.cfg(/.*)?              all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/s390x(/.*)?                      all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/yaboot                           regular file
> system_u:object_r:cobbler_var_lib_t:s0
>
> Could someone tell me why:
>
> /var/lib/tftpboot(/.*)? - is using (/.*)?

This covers /var/lib/tftpboot and all files under it and gives them the 
label tftpdir_rw_t

>
> /tftpboot/.* - is using .*

This covers all files under /tftpboot/ giving them the label tftpdir_t. 
There is a separate entry for the directory:
/tftpboot                                          directory 
system_u:object_r:tftpdir_t:s0
As to why the difference I've no idea as looking at other root dirs with 
semanage fcontext -l I can see most of them use (/.*)? which makes sense.

>
> Thanks,
>
> Andrew
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>

Regards,

Tris

*************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity 
to whom they are addressed. If you have received this email 
in error please notify postmaster@xxxxxxxx

The views expressed within this email are those of the 
individual, and not necessarily those of the organisation
*************************************************************

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux