[CentOS] Selinux TFTP question [was: (no subject)]

Mon Nov 18 13:20:34 UTC 2013
Tris Hoar <trishoar at bgfl.org>

On 16/11/2013 21:46, Andrew Holway wrote:
> [root at ipa tftpboot]# semanage fcontext -l | grep tftp
> /tftpboot                                          directory
> system_u:object_r:tftpdir_t:s0
> /tftpboot/.*                                       all files
> system_u:object_r:tftpdir_t:s0
> /usr/sbin/atftpd                                   regular file
> system_u:object_r:tftpd_exec_t:s0
> /usr/sbin/in\.tftpd                                regular file
> system_u:object_r:tftpd_exec_t:s0
> /var/lib/tftpboot(/.*)?                            all files
> system_u:object_r:tftpdir_rw_t:s0
> /var/lib/tftpboot/etc(/.*)?                        all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/grub(/.*)?                       all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/images(/.*)?                     all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/memdisk                          regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/menu\.c32                        regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/ppc(/.*)?                        all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/pxelinux\.0                      regular file
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/pxelinux\.cfg(/.*)?              all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/s390x(/.*)?                      all files
> system_u:object_r:cobbler_var_lib_t:s0
> /var/lib/tftpboot/yaboot                           regular file
> system_u:object_r:cobbler_var_lib_t:s0
>
> Could someone tell me why:
>
> /var/lib/tftpboot(/.*)? - is using (/.*)?

This covers /var/lib/tftpboot and all files under it and gives them the 
label tftpdir_rw_t

>
> /tftpboot/.* - is using .*

This covers all files under /tftpboot/ giving them the label tftpdir_t. 
There is a separate entry for the directory:
/tftpboot                                          directory 
system_u:object_r:tftpdir_t:s0
As to why the difference, I've no idea; looking at other root dirs with 
semanage fcontext -l I can see most of them use (/.*)?, which makes sense.

>
> Thanks,
>
> Andrew

Regards,

Tris
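To see concretely what each of the two regexes covers, here is a small added example that is not part of the thread: a POSIX shell function that matches a path against a file-context regex the way libselinux does, anchored at both ends. The names fcontext_matches and show are mine.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# SELinux anchors every file_contexts regex at both ends (as if written
# ^regex$), so a pattern only covers a path when the whole path matches.
# We reproduce that with grep -E.
#
# fcontext_matches '<regex from semanage fcontext -l>' '<path>'
# Exit status 0 when the regex covers the path, 1 otherwise.
fcontext_matches() {
    pattern=$1
    path=$2
    printf '%s\n' "$path" | grep -Eq "^${pattern}\$"
}

# Print a one-line verdict; handy when comparing several entries.
show() {
    if fcontext_matches "$1" "$2"; then
        printf '%-28s covers  %s\n' "$1" "$2"
    else
        printf '%-28s misses  %s\n' "$1" "$2"
    fi
}

# The entry using (/.*)? covers the directory itself and everything below
# it, but nothing whose name merely starts with the same prefix.
show '/var/lib/tftpboot(/.*)?' /var/lib/tftpboot
show '/var/lib/tftpboot(/.*)?' /var/lib/tftpboot/pxelinux.0
show '/var/lib/tftpboot(/.*)?' /var/lib/tftpboot2

# The entry using /.* covers only the contents, so the directory needs
# its own separate entry (as the /tftpboot "directory" line provides).
show '/tftpboot/.*' /tftpboot
show '/tftpboot/.*' /tftpboot/pxelinux.0
show '/tftpboot'    /tftpboot
```

On a real system, `matchpathcon /tftpboot` reports the label the policy would actually assign to a path, which is the check to run after reading or changing these entries.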
