On 06/07/16 21:17, Bernard Fay wrote:
> I can access /depot/tftp from a tftp client but unable to do it from a
> Windows client as long as SELinux is enforced. If SELinux is permissive I
> can access it then I know Samba is properly configured.
>
> # getenforce
> Enforcing
> # ls -dZ /depot/tftp/
> drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
>
>
> And if I do it the other way around, give the directory a type
> samba_share_t then the tftp clients are unable to push files.
>
> # getenforce
> Enforcing
> [root@CTSFILESRV01 depot]# ls -ldZ tftp/
> drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/
>
>
> I would then to either create my own type or missing access rules as you
> suggest. Unfortunately, this will be when I will have time which I don't
> have at the moment.
>
> Thanks for your help
>

Don't forget that it's about process type and context.
If you need multiple processes/domain types accessing the same context files, you'd probably just need a common context/label.

<tip>
man -k _selinux => will show you man pages for everything regarding selinux and domain/process/context
</tip>

=> man tftpd_selinux => search for samba and :

<quote>
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
</quote>

But read the whole tftpd_selinux and samba_selinux man pages (and they share almost the same content for "Sharing files" stanzas :-)

--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
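
The relabelling that the quoted man page passage describes, as an added example that is not part of the original message: it reads the type from an `ls -dZ` line and prints the commands that move the directory to public_content_rw_t and enable writes for both daemons. The function names are hypothetical, and the boolean names tftp_anon_write and smbd_anon_write are assumed from the tftpd_selinux and samba_selinux man pages, not from the thread.

```shell
#!/bin/sh
# Added example: share one directory between tftpd and smbd under SELinux
# enforcing mode by giving it the common type public_content_rw_t.
# Assumption: the boolean names below match your policy; confirm them with
#   getsebool -a | grep anon_write

# Extract the SELinux type from one line of `ls -dZ` output.
selinux_type() {
    # The context is the field shaped user:role:type:level.
    printf '%s\n' "$1" | tr ' ' '\n' \
        | grep -E '^[^:]+:[^:]+:[^:]+:' | head -n 1 | cut -d: -f3
}

# Print the commands needed to share DIR, given its current type.
plan_public_share() {
    dir=$1; current=$2
    if [ "$current" = "public_content_rw_t" ]; then
        echo "# $dir is already public_content_rw_t"
    else
        # Persistent rule in the local file-context database, then relabel.
        # (chcon alone would be lost on the next full relabel.)
        echo "semanage fcontext -a -t public_content_rw_t '$dir(/.*)?'"
        echo "restorecon -Rv '$dir'"
    fi
    # Reading public content is allowed by default; writing is off per
    # domain until that domain's boolean is switched on.
    echo "setsebool -P tftp_anon_write 1"
    echo "setsebool -P smbd_anon_write 1"
}

# Constructed sample input: the listing quoted in the message above.
sample='drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/'

# Prints the plan by default; pass --apply as root to execute it.
if [ "${1:-}" = "--apply" ]; then
    plan_public_share /depot/tftp \
        "$(selinux_type "$(ls -dZ /depot/tftp)")" | sh -x
else
    plan_public_share /depot/tftp "$(selinux_type "$sample")"
fi
```

After applying, `ls -dZ /depot/tftp` should show public_content_rw_t, and any remaining denials will appear in the audit log.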