On Thu, 2007-05-24 at 11:43 -0400, eric wrote:
Chuck Anderson wrote:
On Wed, May 09, 2007 at 03:38:16PM -0400, eric magaoay wrote:
Summary SELinux is preventing /usr/sbin/in.tftpd (tftpd_t) "search" to / (rsync_data_t). Source Context user_u:system_r:tftpd_t Target Context system_u:object_r:rsync_data_t Target Objects / [ dir ]
I believe your / is labelled incorrectly. Mine is:
system_u:object_r:root_t
I have 2 questions:
- Is there a justification for using root_t instead of tftpd_t?
root_t specifically exists to label the / directory of the system, not the root of the directory you are exporting over tftp. Its not specific to the tftp policy. If you change the type of / to something other than root_t, then many things can go wrong, since all domains should be able to at least search /.
- Is "search" to "/" means searching for absolute root directory or
root directory of tftp defined in xinetd, which is "/a" in my case?
It means the real root directory.