[CentOS] How to have more than on SELinux context on a directory
Marcelo Roccasalva
marcelo-centos at irrigacion.gov.ar
Fri Jul 8 15:47:33 UTC 2016
You are looking for a man page, which usually belongs in a man section and
is compressed. You can do:
$ yum provides /usr/share/man/man8/tftpd_selinux.8.gz
or, more generally:
$ yum provides */tftpd_selinux*
given the asterisk don't resolve to something already existing in your
local dir... You can escape them or quote in this case
Marcelo
On Fri, Jul 8, 2016 at 9:41 AM, Bernard Fay <bernard.fay at gmail.com> wrote:
> Thanks Fabian,
>
> That's what I need! A bit more open than I wish but it is ok.
>
> One more thing... I got some problems to get the man page for
> tftpd_selinux.
>
> [ ]$ yum search tftpd_selinux
> Loaded plugins: fastestmirror, langpacks
> Determining fastest mirrors
> Warning: No matches found for: tftpd_selinux
> No matches found
>
> [ ~]$ yum provides tftpd_selinux
> Loaded plugins: fastestmirror, langpacks
> Loading mirror speeds from cached hostfile
> No matches found
>
> Of course, google came to the rescue. But is there a another way, Linux or
> yum based solution to find the proper packages when yum search or yum
> provides don't get it?
>
> Thanks again
>
>
>
> On Thu, Jul 7, 2016 at 5:58 AM, Fabian Arrotin <arrfab at centos.org> wrote:
>
> > On 06/07/16 21:17, Bernard Fay wrote:
> > > I can access /depot/tftp from a tftp client but unable to do it from a
> > > Windows client as long as SELinux is enforced. If SELinux is
> permissive
> > I
> > > can access it then I know Samba is properly configured.
> > >
> > > # getenforce
> > > Enforcing
> > > # ls -dZ /depot/tftp/
> > > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
> > >
> > >
> > > And if I do it the other way around, give the directory a type
> > > samba_share_t then the tftp clients are unable to push files.
> > >
> > > # getenforce
> > > Enforcing
> > > [root at CTSFILESRV01 depot]# ls -ldZ tftp/
> > > drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/
> > >
> > >
> > > I would then to either create my own type or missing access rules as
> you
> > > suggest. Unfortunately, this will be when I will have time which I
> don't
> > > have at the moment.
> > >
> > > Thanks for you help
> > >
> >
> > Don't forget that it's about process type and context.
> > If you need multiple processes/domain types accessing the same context
> > files, you'd probably just need a common context/label.
> >
> > <tip>
> > man -k _selinux => will show you man pages for everything regarding
> > selinux and domain/process/context
> > </tip>
> >
> > => man tftpd_selinux
> > => search for samba and :
> > <quote>
> > If you want to share files with multiple domains (Apache, FTP, rsync,
> > Samba), you can set a file context of public_content_t and
> > public_content_rw_t. These context allow any of the above domains to
> > read the content.
> > If you want a particular domain to write to the public_content_rw_t
> > domain, you must set the appropriate boolean.
> > </quote>
> >
> > But read the whole tftpd_selinux and samba_selinux man pages (and they
> > share almost the same content for "Sharing files" stanzas :-)
> >
> > --
> > Fabian Arrotin
> > The CentOS Project | http://www.centos.org
> > gpg key: 56BEC54E | twitter: @arrfab
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
>
--
Marcelo
"¿No será acaso que esta vida moderna está teniendo más de moderna que de
vida?" (Mafalda)
More information about the CentOS
mailing list