Thanks Fabian,
That's what I need! A bit more open than I wish but it is ok.
One more thing... I had some problems getting the man page for tftpd_selinux.
[ ]$ yum search tftpd_selinux
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
Warning: No matches found for: tftpd_selinux
No matches found

[ ~]$ yum provides tftpd_selinux
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
No matches found
Of course, Google came to the rescue. But is there another way, a Linux or yum based solution, to find the proper packages when yum search or yum provides don't get it?
Thanks again
On Thu, Jul 7, 2016 at 5:58 AM, Fabian Arrotin arrfab@centos.org wrote:
On 06/07/16 21:17, Bernard Fay wrote:
I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured.
# getenforce
Enforcing
# ls -dZ /depot/tftp/
drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
And if I do it the other way around, give the directory a type samba_share_t then the tftp clients are unable to push files.
# getenforce
Enforcing
[root@CTSFILESRV01 depot]# ls -ldZ tftp/
drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/
I would then need to either create my own type or the missing access rules, as you suggest. Unfortunately, this will be when I have time, which I don't have at the moment.
Thanks for your help
Don't forget that it's about process type and context. If you need multiple processes/domain types accessing the same context files, you'd probably just need a common context/label.
<tip> man -k _selinux => will show you man pages for everything regarding selinux and domain/process/context </tip>
=> man tftpd_selinux => search for samba and :
<quote> If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. </quote>
But read the whole tftpd_selinux and samba_selinux man pages (and they share almost the same content for "Sharing files" stanzas :-)
--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
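
Added example, not part of the original thread: a small audit script that reads an `ls -dZ` line like the ones quoted above and prints the commands still needed to give the directory the shared `public_content_rw_t` label the man page describes. The boolean names `tftp_anon_write` and `smbd_anon_write` are assumed from the CentOS 7 targeted policy, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example. Sample inputs used with it are lines quoted in the thread.
# Boolean names are assumed from the CentOS 7 targeted policy; confirm with
# `getsebool -a | grep anon_write` and the tftpd_selinux / samba_selinux man pages.

# Print the SELinux type from one line of `ls -dZ` output.
label_type() (
    set -f                                  # no globbing while word-splitting
    for field in $1; do
        case $field in
            *:*:*:*)                        # user:role:type:level
                field=${field#*:}; field=${field#*:}
                echo "${field%%:*}"; exit 0 ;;
        esac
    done
    exit 1
)

# Print the commands still needed so smbd and tftpd can both write to a directory.
# $1 = directory, $2 = its `ls -dZ` line, $3 = getsebool output for both booleans
remediation() {
    dir=${1%/}
    if [ "$(label_type "$2")" != public_content_rw_t ]; then
        echo "semanage fcontext -a -t public_content_rw_t '${dir}(/.*)?'"
        echo "restorecon -Rv '$dir'"
    fi
    for bool in tftp_anon_write smbd_anon_write; do
        printf '%s\n' "$3" | grep -q "^$bool --> on\$" || echo "setsebool -P $bool on"
    done
}

# With a directory argument, audit the live system (needs SELinux tools installed).
if [ $# -gt 0 ]; then
    remediation "$1" "$(ls -dZ "$1")" "$(getsebool tftp_anon_write smbd_anon_write)"
fi
```

Run it with the directory as its argument and review the printed commands before executing them as root; empty output means the label and both booleans are already in place.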