I'm currently testing the latest rawhide build (F7), and I need help
allowing tftpd traffic (for PXE functionality).

My previous workaround solution was:

    setsebool -P tftpd_disable_trans=1

But this is no longer allowed under rawhide (F7). I tried running
system-config-selinux to search for any entry on tftp or tftpd, but
found none. Any other suggestions or workarounds without disabling SELinux?

Here is the output from the SELinux troubleshooter:

Summary
    SELinux is preventing /usr/sbin/in.tftpd (tftpd_t) "search" to /
    (rsync_data_t).

Detailed Description
    SELinux denied access requested by /usr/sbin/in.tftpd. It is not expected
    that this access is required by /usr/sbin/in.tftpd and this access may
    signal an intrusion attempt. It is also possible that the specific version
    or configuration of the application is causing it to require additional
    access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials. You could try to
    restore the default system file context for /, restorecon -v / If this does
    not work, there is currently no automatic way to allow this access. Instead,
    you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information

Source Context          user_u:system_r:tftpd_t
Target Context          system_u:object_r:rsync_data_t
Target Objects          / [ dir ]
Affected RPM Packages   tftp-server-0.42-4 [application]
                        filesystem-2.4.6-1.fc7 [target]
Policy RPM              selinux-policy-2.6.1-1.fc7
Selinux Enabled         True
Policy Type             targeted
MLS Enabled             True
Enforcing Mode          Enforcing
Plugin Name             plugins.catchall_file
Host Name               fiji3
Platform                Linux fiji3 2.6.21-1.3116.fc7 #1 SMP Thu Apr 26
                        10:17:55 EDT 2007 x86_64 x86_64
Alert Count             20
First Seen              Wed 09 May 2007 02:18:14 PM EDT
Last Seen               Wed 09 May 2007 02:42:14 PM EDT
Local ID                736e2428-de9a-469b-8b77-92bce3a8eacd
Line Numbers

Raw Audit Messages

avc: denied { search } for comm="in.tftpd" dev=sda6 egid=0 euid=0
exe="/usr/sbin/in.tftpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/"
pid=3697 scontext=user_u:system_r:tftpd_t:s0 sgid=0
subj=user_u:system_r:tftpd_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:rsync_data_t:s0 tty=(none) uid=0
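
The raw audit message in the report above, parsed into the type-enforcement rule that the "local policy module" route would need. This is an added example, not part of the original post or of any SELinux tool; the module name localtftp and the function names are hypothetical.

```python
import re

# Raw audit message from the report above, rejoined onto one line.
AVC = ('avc: denied { search } for comm="in.tftpd" dev=sda6 egid=0 euid=0 '
       'exe="/usr/sbin/in.tftpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" '
       'pid=3697 scontext=user_u:system_r:tftpd_t:s0 sgid=0 '
       'subj=user_u:system_r:tftpd_t:s0 suid=0 tclass=dir '
       'tcontext=system_u:object_r:rsync_data_t:s0 tty=(none) uid=0')

def parse_avc(line):
    """Split one AVC record into decision, permission list and key=value fields."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))
    fields = {key: value.strip('"') for key, value in pairs}
    return {"decision": m.group(1), "perms": m.group(2).split(), "fields": fields}

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: " + context)
    return parts[2]

def perm_text(perms):
    # Policy syntax: a single permission is bare, several are braced.
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"

def te_rule(avc):
    """Build the allow rule that corresponds to one denial."""
    f = avc["fields"]
    return "allow %s %s:%s %s;" % (context_type(f["scontext"]),
                                   context_type(f["tcontext"]),
                                   f["tclass"], perm_text(avc["perms"]))

def local_module(avc, name="localtftp"):  # module name is hypothetical
    """Render a minimal policy module source (.te) containing that rule."""
    f = avc["fields"]
    types = dict.fromkeys((context_type(f["scontext"]), context_type(f["tcontext"])))
    lines = ["module %s 1.0;" % name, "", "require {"]
    lines += ["\ttype %s;" % t for t in types]
    lines += ["\tclass %s %s;" % (f["tclass"], perm_text(avc["perms"])), "}", ""]
    return "\n".join(lines + [te_rule(avc), ""])

if __name__ == "__main__":
    record = parse_avc(AVC)
    print("denied on %r, dev %s" % (record["fields"]["name"], record["fields"]["dev"]))
    print(local_module(record))
```

The resulting rule lets tftpd_t search every directory labeled rsync_data_t, not only the one on sda6, so the label on that directory is worth checking (the report's restorecon suggestion) before loading a module like this.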