[CentOS] How to have more than one SELinux context on a directory

Bernard Fay bernard.fay at gmail.com
Fri Jul 8 12:41:27 UTC 2016


Thanks Fabian,

That's what I need!  A bit more open than I wish but it is ok.

One more thing... I had some problems getting the man page for
tftpd_selinux.

[ ]$ yum search tftpd_selinux
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
Warning: No matches found for: tftpd_selinux
No matches found

[ ~]$ yum provides tftpd_selinux
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
No matches found

Of course, Google came to the rescue. But is there another way, a Linux or
yum based solution to find the proper packages when yum search or yum
provides don't get it?

Thanks again



On Thu, Jul 7, 2016 at 5:58 AM, Fabian Arrotin <arrfab at centos.org> wrote:

> On 06/07/16 21:17, Bernard Fay wrote:
> > I can access /depot/tftp from a tftp client but unable to do it from a
> > Windows client as long as SELinux is enforced.  If SELinux is permissive I
> > can access it then I know Samba is properly configured.
> >
> > # getenforce
> > Enforcing
> > # ls -dZ /depot/tftp/
> > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
> >
> >
> > And if I do it the other way around, give the directory a type
> > samba_share_t then the tftp clients are unable to push files.
> >
> > # getenforce
> > Enforcing
> > [root at CTSFILESRV01 depot]# ls -ldZ tftp/
> > drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/
> >
> >
> > I would then have to either create my own type or missing access rules as you
> > suggest. Unfortunately, this will be when I will have time which I don't
> > have at the moment.
> >
> > Thanks for your help
> >
>
> Don't forget that it's about process type and context.
> If you need multiple processes/domain types accessing the same context
> files, you'd probably just need a common context/label.
>
> <tip>
> man -k _selinux => will show you man pages for everything regarding
> selinux and domain/process/context
> </tip>
>
> => man tftpd_selinux
> => search for samba and :
> <quote>
> If you want to share files with multiple domains (Apache, FTP, rsync,
> Samba), you can set  a  file  context  of  public_content_t  and
> public_content_rw_t.   These context allow any of the above domains to
> read the content.
>  If you want a particular domain to write to the public_content_rw_t
> domain, you must set the appropriate  boolean.
> </quote>
>
> But read the whole tftpd_selinux and samba_selinux man pages (and they
> share almost the same content for "Sharing files" stanzas :-)
>
> --
> Fabian Arrotin
> The CentOS Project | http://www.centos.org
> gpg key: 56BEC54E | twitter: @arrfab
>
>
>
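The shared-label approach from Fabian's reply, as an added example that is not part of the original thread: it classifies the two contexts shown above and lists the commands that move /depot/tftp to public_content_rw_t. The function names are hypothetical, and the boolean names tftp_anon_write and smbd_anon_write are assumed from the CentOS 7 policy (the thread does not name them).

```shell
#!/bin/sh
# Added example, not from the thread. Dry run unless APPLY=1 (run as root).
# Assumption: CentOS 7 boolean names; confirm with: getsebool -a | grep anon_write

# Type is the third field of user:role:type:level.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Can several daemons use a directory carrying this context?
classify_label() {
    t=$(selinux_type "$1")
    case "$t" in
        public_content_rw_t) echo "shared-rw" ;;
        public_content_t)    echo "shared-ro" ;;
        *)                   echo "single-domain:$t" ;;
    esac
}

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "would run: $*"; fi
}

# Record the label in local policy, apply it, then allow both daemons to write.
share_dir() {
    dir=${1%/}
    [ -n "$dir" ] || { echo "refusing to relabel /" >&2; return 1; }
    run semanage fcontext -a -t public_content_rw_t "${dir}(/.*)?"
    run restorecon -Rv "$dir"
    run setsebool -P tftp_anon_write on
    run setsebool -P smbd_anon_write on
}

# The two contexts shown in the thread, plus the shared one (constructed).
for ctx in system_u:object_r:tftpdir_rw_t:s0 \
           system_u:object_r:samba_share_t:s0 \
           system_u:object_r:public_content_rw_t:s0; do
    echo "$ctx -> $(classify_label "$ctx")"
done
share_dir /depot/tftp/
```

On a live system the context string to classify can be read with `stat -c %C /depot/tftp`.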


