TFTP is often used to store firmware images and configuration files for embedded devices, and as a place for such devices to write crash dumps, log files, etc. FHS 2.3 is silent on where to put files served up by TFTP. Currently, we set the TFTP root to /tftpboot. This seems suboptimal for a few reasons: 1. The root directory might be read-only on the TFTP server, so it isn't a good place to put the TFTP root. 2. The root directory might be too small to store lots of log files, huge crash dumps, etc. 3. It really makes no sense to have a separate top-level directory for the TFTP service. /tftpboot is a legacy location that should be reconsidered. 4. tftp"boot" doesn't fit all use cases. It isn't used exclusively during booting of these devices. For many years, I've used /var/tftp as a location for storing TFTP data. This mirrors the use of /var/ftp and /var/www. I therefore suggest we change the default configuration in /etc/xinetd.d/tftp to reflect this. At the very least, we should update the selinux-policy to allow /var/tftp as an alternate location. Interestingly, it appears that the current policy allows in.tftpd to read var_t, since I haven't fixed the contexts on my servers and it is still able to read files: >ls -ldZ /tftpboot drwxr-xr-x root root system_u:object_r:tftpdir_t /tftpboot/ >ls -ldZ /var/tftp drwxrwsr-x tftp tftp user_u:object_r:var_t /var/tftp/ -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
