Hi there, I am configuring Selinux to protect vsftpd on my FC3 box. I follow the procedure of Chapter 8 Cutermizing and Writing Policy in Red Hat Enterprise Linux SELinux Guide. Step1: i created a file called /etc/selinux/targeted/src/policy/domains/program/vsftpd.te the cotents are ################################# # # Rules for the vsftpd_t domain. # daemon_domain(vsftpd) the security context of this file was root:object_r:policy_src_t I changed it by using chcon -u system_u vsftpd.te Step2: create /etc/selinux/targeted/src/policy/file_contexts/program/vsftpd.fc contents are /usr/sbin/vsftpd -- system_u:object_r:vsftpd_exec_t /var/run/vsftpd.pid -- system_u:object_r:vsftpd_var_run_t /etc/vsftpd/vsftpd.conf -- system_u:object_r:vsftpd_conf_t chcon -u system_u vsftpd.fc At this moment, the security context of /etc/vsftpd and vsftpd.conf are: # ls -dZ /etc/vsftpd drwxr-xr-x root root system_u:object_r:etc_t /etc/vsftpd ls -Z /etc/vsftpd/vsftpd.conf -rw------- root root system_u:object_r:etc_t /etc/vsftpd/vsftpd.conf Step3: #make load Error message: ... Validating file_contexts ... /usr/sbin/setfiles -q -c /etc/selinux/targeted/policy/policy.18 /etc/selinux/tar geted/contexts/files/file_contexts /usr/sbin/setfiles: invalid context system_u:object_r:vsftpd_conf_t on line num ber 785 make: *** [install] Error 1 Could anyone help me on this? Thanks a lot! Btw, should I set the security context of /etc/vsftpd/vsftpd.conf to vsftpd_conf_t or vsftpd_etc_t? I am confused about some existing context, such as #ls -dZ /etc/httpd/ drwxr-xr-x root root system_u:object_r:httpd_config_t /etc/httpd/ #ls -Z /etc/httpd/conf/httpd.conf -rw-r--r-- root root system_u:object_r:httpd_config_t /etc/httpd/conf/httpd.conf BUT, # ls -dZ /etc/snmp/ drwxr-xr-x root root system_u:object_r:etc_t /etc/snmp/ # ls -Z /etc/snmp/snmpd.conf -rw-r--r-- root root system_u:object_r:snmpd_etc_t /etc/snmp/snmpd.conf Thanks, James -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
