[CentOS] [CentOS 5] tftp-server, unable to create new files (even with "-c" option)
Paul Heinlein
heinlein at madboa.com
Thu Sep 13 16:22:43 UTC 2007
On Thu, 13 Sep 2007, Davide Grandis wrote:
> Yes, forgot to mention, sorry.
>
> SELinux is disabled, otherwise TFTP would be completely filtered out.

I have SELinux and tftp working together without any trouble. I first
used audit2allow to write a module:

  grep tftp /var/log/audit/audit.log | audit2allow -M tftpwrite

Here's the resulting tftpwrite.pp file:

----- %< -----
module tftpwrite 1.0;

require {
        class file write;
        type tftpd_t;
        type tftpdir_t;
        role system_r;
};

allow tftpd_t tftpdir_t:file write;
----- %< -----

I compiled and activated it with semodule:

  semodule -i tftpwrite.pp

Then make sure that the filename to which you want to write exists, is
world-writable, and has the correct file contexts. If I wanted to
write to /tftpboot/foo, for example, it ought to look like

  -rw-rw-rw- root root user_u:object_r:tftpdir_t /tftpboot/foo

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
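
Added example, not part of the original post: a Python script that compares AVC denials with the single allow rule in the module above and lists the denied permissions that rule does not grant. The log lines are constructed samples in audit.log format, and the function names are hypothetical.

```python
import re

# The one allow rule from the module shown in the post.
POLICY = "allow tftpd_t tftpdir_t:file write;"

# Constructed sample denials in audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1189700000.101:41): avc:  denied  { write } for  pid=2345 comm="in.tftpd" name="foo" dev=sda1 ino=1201 scontext=system_u:system_r:tftpd_t:s0 tcontext=user_u:object_r:tftpdir_t:s0 tclass=file
type=AVC msg=audit(1189700000.202:42): avc:  denied  { write add_name } for  pid=2346 comm="in.tftpd" name="bar" scontext=system_u:system_r:tftpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=dir
type=AVC msg=audit(1189700000.303:43): avc:  denied  { create } for  pid=2346 comm="in.tftpd" name="bar" scontext=system_u:system_r:tftpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=file
"""

# Matches "allow src tgt:class perm;" and "allow src tgt:class { p1 p2 };".
ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")
# Pulls the denied permissions, both contexts and the object class from an AVC line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\w+)")


def parse_allows(policy):
    """Map (source type, target type, class) -> set of allowed permissions."""
    rules = {}
    for src, tgt, cls, many, one in ALLOW_RE.findall(policy):
        rules.setdefault((src, tgt, cls), set()).update((many or one).split())
    return rules


def uncovered(log, policy):
    """Return (source, target, class, perm) tuples denied in log but not allowed."""
    rules = parse_allows(policy)
    missing = []
    for perms, scon, tcon, cls in AVC_RE.findall(log):
        # The SELinux type is the third colon-separated field of a context.
        key = (scon.split(":")[2], tcon.split(":")[2], cls)
        for perm in perms.split():
            if perm not in rules.get(key, set()):
                missing.append(key + (perm,))
    return missing


if __name__ == "__main__":
    for src, tgt, cls, perm in uncovered(SAMPLE_LOG, POLICY):
        print(f"not covered: allow {src} {tgt}:{cls} {perm};")
```

On the constructed log, the write to the existing file is covered, while the directory and file-creation denials are reported as not covered by the module.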