[root@ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot                              directory      system_u:object_r:tftpdir_t:s0
/tftpboot/.*                           all files      system_u:object_r:tftpdir_t:s0
/usr/sbin/atftpd                       regular file   system_u:object_r:tftpd_exec_t:s0
/usr/sbin/in.tftpd                     regular file   system_u:object_r:tftpd_exec_t:s0
/var/lib/tftpboot(/.*)?                all files      system_u:object_r:tftpdir_rw_t:s0
/var/lib/tftpboot/etc(/.*)?            all files      system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/grub(/.*)?           all files      system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/images(/.*)?         all files      system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/memdisk              regular file   system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/menu.c32             regular file   system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/ppc(/.*)?            all files      system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/pxelinux.0           regular file   system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/pxelinux.cfg(/.*)?   all files      system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/s390x(/.*)?          all files      system_u:object_r:cobbler_var_lib_t:s0
/var/lib/tftpboot/yaboot               regular file   system_u:object_r:cobbler_var_lib_t:s0
Could someone tell me why:
/var/lib/tftpboot(/.*)? - is using (/.*)?
/tftpboot/.* - is using .*
Thanks,
Andrew
On 16/11/2013 21:46, Andrew Holway wrote:
> Could someone tell me why:
>
> /var/lib/tftpboot(/.*)? - is using (/.*)?

This covers /var/lib/tftpboot and all files under it and gives them the label tftpdir_rw_t.

> /tftpboot/.* - is using .*

This covers all files under /tftpboot/, giving them the label tftpdir_t. There is a separate entry for the directory:

/tftpboot   directory   system_u:object_r:tftpdir_t:s0

As to why the difference, I've no idea, as looking at other root dirs with semanage fcontext -l I can see most of them use (/.*)?, which makes sense.

> Thanks,
> Andrew
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
Regards,
Tris
************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmaster@bgfl.org
The views expressed within this email are those of the individual, and not necessarily those of the organisation *************************************************************
On 11/18/2013 08:20 AM, Tris Hoar wrote:
>> /tftpboot/.* - is using .*
>
> This covers all files under /tftpboot/, giving them the label tftpdir_t. There is a separate entry for the directory:
>
> /tftpboot   directory   system_u:object_r:tftpdir_t:s0
>
> As to why the difference, I've no idea, as looking at other root dirs with semanage fcontext -l I can see most of them use (/.*)?, which makes sense.
There were some fixes used for udev that allowed labeling to run faster if the top level directory had this type of labeling, as I recall. Probably not as important with all of the improvements to labeling algorithms over the years.
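
Added example, not part of the original thread: a small shell matcher that applies three of the entries from the listing to constructed paths, showing what the /tftpboot pair ("directory" entry plus /tftpboot/.*) covers compared with the single /var/lib/tftpboot(/.*)? entry. The helper name fc_lookup and the sample paths are assumptions made for illustration; it looks only at these three entries, not at the full policy.

```shell
#!/bin/sh
# Three entries copied from the listing in this thread: regex|file type|context.
# They do not overlap, so match order does not matter here.
ENTRIES='/tftpboot|directory|system_u:object_r:tftpdir_t:s0
/tftpboot/.*|all files|system_u:object_r:tftpdir_t:s0
/var/lib/tftpboot(/.*)?|all files|system_u:object_r:tftpdir_rw_t:s0'

# fc_lookup PATH FILETYPE  (hypothetical helper, not an SELinux tool)
# Prints the context of the entry whose regex and file type both match,
# or "no-match" when none of the three entries applies.
fc_lookup() {
    fc_path=$1
    fc_type=$2
    while IFS='|' read -r fc_regex fc_etype fc_ctx; do
        # "all files" applies to every file type; otherwise the types must agree.
        [ "$fc_etype" = "all files" ] || [ "$fc_etype" = "$fc_type" ] || continue
        # grep -x anchors the regex at both ends, the way file-context
        # regexes are matched against the whole path.
        if printf '%s\n' "$fc_path" | grep -Eqx -- "$fc_regex"; then
            printf '%s\n' "$fc_ctx"
            return 0
        fi
    done <<EOF
$ENTRIES
EOF
    printf 'no-match\n'
}

# Constructed sample paths: each top directory, a child, a symlink standing in
# for the directory, and a sibling that only shares the prefix.
while IFS='|' read -r p t; do
    printf '%-26s %-14s %s\n' "$p" "$t" "$(fc_lookup "$p" "$t")"
done <<'EOF'
/tftpboot|directory
/tftpboot|symbolic link
/tftpboot/pxelinux.0|regular file
/var/lib/tftpboot|directory
/var/lib/tftpboot|symbolic link
/var/lib/tftpboot/foo|regular file
/var/lib/tftpbootX|regular file
EOF
```

The one visible difference is the symlink case: the "directory" entry labels /tftpboot only when it is a directory, while (/.*)? with "all files" labels the top-level path whatever its type. On a live system, `matchpathcon <path>` reports the context chosen from the full policy.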