On Thu, 2007-05-24 at 11:43 -0400, eric wrote: > Chuck Anderson wrote: > > On Wed, May 09, 2007 at 03:38:16PM -0400, eric magaoay wrote: > > > >> Summary > >> SELinux is preventing /usr/sbin/in.tftpd (tftpd_t) "search" to / > >> (rsync_data_t). > >> Source Context user_u:system_r:tftpd_t > >> Target Context system_u:object_r:rsync_data_t > >> Target Objects / [ dir ] > >> > > > > I believe your / is labelled incorrectly. Mine is: > > > > system_u:object_r:root_t > I have 2 questions: > 1. Is there a justification for using root_t instead of tftpd_t? root_t specifically exists to label the / directory of the system, not the root of the directory you are exporting over tftp. Its not specific to the tftp policy. If you change the type of / to something other than root_t, then many things can go wrong, since all domains should be able to at least search /. > 2. Is "search" to "/" means searching for absolute root directory or > root directory of tftp defined in xinetd, which is "/a" in my case? It means the real root directory. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
