> Step1: I created a file called
> /etc/selinux/targeted/src/policy/domains/program/vsftpd.te
> the contents are
> #################################
> #
> # Rules for the vsftpd_t domain.
> #
> daemon_domain(vsftpd)

What's wrong with the ftpd.te policy, currently available in the FC4 packages?

> the security context of this file was root:object_r:policy_src_t
> I changed it by using
> chcon -u system_u vsftpd.te
>
> Step2: create /etc/selinux/targeted/src/policy/file_contexts/program/vsftpd.fc
> contents are
> /usr/sbin/vsftpd -- system_u:object_r:vsftpd_exec_t
> /var/run/vsftpd.pid -- system_u:object_r:vsftpd_var_run_t
> /etc/vsftpd/vsftpd.conf -- system_u:object_r:vsftpd_conf_t
>
> chcon -u system_u vsftpd.fc

I don't think this matters...

> At this moment, the security context of /etc/vsftpd and vsftpd.conf are:
> # ls -dZ /etc/vsftpd
> drwxr-xr-x root root system_u:object_r:etc_t /etc/vsftpd
>
> ls -Z /etc/vsftpd/vsftpd.conf
> -rw------- root root system_u:object_r:etc_t /etc/vsftpd/vsftpd.conf
>
> Step3: #make load
> Error message:
> ...
> Validating file_contexts ...
> /usr/sbin/setfiles -q -c /etc/selinux/targeted/policy/policy.18 /etc/selinux/targeted/contexts/files/file_contexts
> /usr/sbin/setfiles: invalid context system_u:object_r:vsftpd_conf_t on line number 785
> make: *** [install] Error 1
>
> Could anyone help me on this? Thanks a lot!

You need to define the type vsftpd_conf_t in the vsftpd.te file, before you can use it in your file_contexts file. Look at how the FC4 ftp policy is done, or better just use that instead...

> Btw, should I set the security context of /etc/vsftpd/vsftpd.conf to
> vsftpd_conf_t
> or vsftpd_etc_t? I am confused about some existing context, such as

You're creating the type, so the decision is up to you - both appear in different places in the policy. The etc_t one can be created simply by calling the etc_domain macro.
--
Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Cornell University

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
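
Added example, not part of the original message or of the Fedora policy sources: a pre-flight check for the failure in this thread, which lists file_contexts entries whose type is not declared by the .te source, so the problem is visible before `make load` reaches setfiles. The macro-to-type table and the `type vsftpd_conf_t, file_type, sysadmfile;` declaration are assumptions about the FC4-era example policy; the function names are hypothetical.

```python
import re

# Assumption: type suffixes each example-policy macro declares for its argument.
MACRO_TYPES = {
    "daemon_domain": ("_t", "_exec_t", "_var_run_t"),
    "etc_domain": ("_etc_t",),
}

def declared_types(te_text):
    """Types a .te source declares directly or through the macros above."""
    types = set()
    for line in te_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"type\s+(\w+)", line)       # explicit declaration
        if m:
            types.add(m.group(1))
            continue
        m = re.match(r"(\w+)\(\s*(\w+)", line)    # macro call, first argument
        if m and m.group(1) in MACRO_TYPES:
            types.update(m.group(2) + s for s in MACRO_TYPES[m.group(1)])
    return types

def undeclared_contexts(fc_text, known):
    """(line number, path, type) for each .fc entry whose type is not declared."""
    bad = []
    for no, line in enumerate(fc_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or fields[-1].count(":") < 2:
            continue                              # blank, comment or <<none>>
        ctx_type = fields[-1].split(":")[2]
        if ctx_type not in known:
            bad.append((no, fields[0], ctx_type))
    return bad

# Inputs taken from the thread; the added declaration line is constructed.
TE_BEFORE = "# Rules for the vsftpd_t domain.\ndaemon_domain(vsftpd)\n"
TE_AFTER = TE_BEFORE + "type vsftpd_conf_t, file_type, sysadmfile;\n"
FC = "\n".join([
    "/usr/sbin/vsftpd -- system_u:object_r:vsftpd_exec_t",
    "/var/run/vsftpd.pid -- system_u:object_r:vsftpd_var_run_t",
    "/etc/vsftpd/vsftpd.conf -- system_u:object_r:vsftpd_conf_t",
])

if __name__ == "__main__":
    for label, te in (("before", TE_BEFORE), ("after", TE_AFTER)):
        print(label, undeclared_contexts(FC, declared_types(te)))
```

Against a full policy tree, pass the concatenated text of every .te file so that base types such as etc_t are known as well.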