[CentOS] [CentOS 5] tftp-server, unable to create new files (even with "-c" option)

Thu Sep 13 16:22:43 UTC 2007
Paul Heinlein <heinlein at madboa.com>

On Thu, 13 Sep 2007, Davide Grandis wrote:

> Yes, forgot to mention, sorry.
> SELinux is disabled, otherwise TFTP would be completely filtered out.

I have SELinux and tftp working together without any trouble. I first 
used audit2allow to write a module:

   grep tftp /var/log/audit/audit.log | audit2allow -M tftpwrite

Here's the resulting tftpwrite.pp file:

----- %< -----
module tftpwrite 1.0;

require {
   class file write;
   type tftpd_t;
   type tftpdir_t;
   role system_r;
};

# let the tftp daemon write to existing files labelled tftpdir_t
allow tftpd_t tftpdir_t:file write;
----- %< -----

I compiled and activated it with semodule:

   semodule -i tftpwrite.pp

Then make sure that the filename to which you want to write exists, is 
world-writable, and has the correct file contexts. If I wanted to 
write to /tftpboot/foo, for example, it ought to look like

-rw-rw-rw-  root root user_u:object_r:tftpdir_t    /tftpboot/foo

Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
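
Added example, not part of the original message: a shell/awk check that lists the allow rules the "grep tftp ... | audit2allow" step above would generate, so anything beyond the intended tftpd_t write to tftpdir_t files can be reviewed before the module is installed. The audit.log lines are constructed samples, and the function names sample_log, avc_rules and unexpected_rules are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample audit.log lines (not taken from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1189700001.101:41): avc:  denied  { write } for  pid=2101 comm="in.tftpd" name="foo" dev=sda1 ino=4711 scontext=system_u:system_r:tftpd_t:s0 tcontext=user_u:object_r:tftpdir_t:s0 tclass=file
type=AVC msg=audit(1189700002.202:42): avc:  denied  { write } for  pid=2102 comm="in.tftpd" name="bar" dev=sda1 ino=4712 scontext=system_u:system_r:tftpd_t:s0 tcontext=user_u:object_r:tftpdir_t:s0 tclass=file
type=AVC msg=audit(1189700003.303:43): avc:  denied  { read } for  pid=2103 comm="in.tftpd" name="shadow" dev=sda1 ino=99 scontext=system_u:system_r:tftpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1189700003.303:43): arch=40000003 syscall=5 success=no exit=-13 comm="in.tftpd" exe="/usr/sbin/in.tftpd"
type=AVC msg=audit(1189700004.404:44): avc:  denied  { getattr } for  pid=2200 comm="httpd" name="tftpboot" dev=sda1 ino=4700 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tftpdir_t:s0 tclass=dir
EOF
}

# Print "count allow source target:class { perms };" for every AVC denial
# that a plain "grep tftp" would hand to audit2allow (audit.log on stdin).
avc_rules() {
    awk '
    # value of key=value token k on the current line
    function field(k,   i) {
        for (i = 1; i <= NF; i++)
            if (index($i, k "=") == 1) return substr($i, length(k) + 2)
        return ""
    }
    # third field of an SELinux context (user:role:type[:level]) is the type
    function ctype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /avc: +denied/ && /tftp/ {
        perms = $0
        sub(/^.*denied +[{] */, "", perms)   # drop everything before the permission list
        sub(/ *[}].*$/, "", perms)           # drop everything after it
        rule = ctype(field("scontext")) " " ctype(field("tcontext")) ":" field("tclass")
        n[rule " { " perms " }"]++
    }
    END { for (r in n) print n[r], "allow", r ";" }' | LC_ALL=C sort -k3
}

# Rules other than the single one the tftpwrite module is meant to contain.
unexpected_rules() {
    avc_rules | grep -Fv 'allow tftpd_t tftpdir_t:file { write };'
}

sample_log | unexpected_rules
```

On a real host, redirect /var/log/audit/audit.log into unexpected_rules in place of the sample_log pipe; no output means the log holds only the expected tftpd_t write denials.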