On Thu, 13 Sep 2007, Davide Grandis wrote:
> Yes, forgot to mention, sorry.
> SELinux is disabled, otherwise TFTP would be completely filtered out.

I have SELinux and tftp working together without any trouble. I first
used audit2allow to write a module:

    grep tftp /var/log/audit/audit.log | audit2allow -M tftpwrite

Here's the resulting tftpwrite.pp file:
----- %< -----
module tftpwrite 1.0;

require {
        class file write;
        type tftpd_t;
        type tftpdir_t;
        role system_r;
};

allow tftpd_t tftpdir_t:file write;
----- %< -----

I compiled and activated it with semodule:

    semodule -i tftpwrite.pp

Then make sure that the filename to which you want to write exists, is
world-writable, and has the correct file contexts. If I wanted to
write to /tftpboot/foo, for example, it ought to look like

    -rw-rw-rw- root root user_u:object_r:tftpdir_t /tftpboot/foo

--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
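
Added example, not part of the original post: `grep tftp` matches every audit line that mentions tftp, so this script lists the distinct rules that the AVC denials from one source domain would turn into, for review before audit2allow builds a module from them. The function names `sample_log` and `summarize_avc` are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Log lines below are constructed.

# Constructed audit.log excerpt: all three lines match "grep tftp",
# but the last denial comes from httpd_t, not from the TFTP daemon.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1189700000.101:41): avc:  denied  { write } for  pid=2101 comm="in.tftpd" name="foo" dev=sda1 ino=4711 scontext=system_u:system_r:tftpd_t:s0 tcontext=user_u:object_r:tftpdir_t:s0 tclass=file
type=AVC msg=audit(1189700005.220:42): avc:  denied  { write } for  pid=2101 comm="in.tftpd" name="foo" dev=sda1 ino=4711 scontext=system_u:system_r:tftpd_t:s0 tcontext=user_u:object_r:tftpdir_t:s0 tclass=file
type=AVC msg=audit(1189700010.330:43): avc:  denied  { read } for  pid=2250 comm="httpd" name="tftpboot" dev=sda1 ino=4700 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=dir
EOF
}

# summarize_avc SOURCE_TYPE  (hypothetical helper; reads audit lines on stdin)
# Prints one allow rule per distinct denial whose source type is SOURCE_TYPE.
summarize_avc() {
    awk -v want="$1" '
    /avc:/ && /denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            # Permissions are the words between "{" and "}".
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace)   { perms = perms " " $i; continue }
            # Contexts are user:role:type[:level]; the type is the third part.
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        # Skip denials from other domains and lines missing a field.
        if (src != want || tgt == "" || cls == "") next
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) {
            rule = "allow " src " " tgt ":" cls " " p[j] ";"
            if (!(rule in seen)) { seen[rule] = 1; print rule }
        }
    }'
}

# Stand-alone run on the constructed excerpt.
sample_log | summarize_avc tftpd_t
```

On a real system, feed it `/var/log/audit/audit.log` on stdin and compare the output with the `allow` lines in the generated module source.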