![]() ![]() ![]() ĭrwxrwxrwx root root system_u:object_r:tftpdir_rw_t. ĭrwxr-xr-x root root system_u:object_r:root_t. # sesearch -a | grep tftpdir |grep tftpd_Īllow tftpd_t tftpdir_t : file ĭrwxrwxrwx root root system_u:object_r:tftpdir_t. Changing the context of /tftpboot fixed the problem. I couldn't find anything on the internet that isn't already referenced here but by searching the selinux policy I was able to find another security context already on the system for tftp writes. I couldn't believe that the people who wrote the selinux policy files didn't think that people would need tftp uploads so I did some digging. I found another, better solution to this problem. Red Hat Store Red Hat Marketplace Community Discussions Clear up some questions on tftp and tftp-server on RHEL 8 Posted In Red Hat Enterprise Linux Clear up some questions on tftp and tftp-server on RHEL 8 Posted on Decemat 8:59 PM Using RHEL 8.1, and wouldn't think this would be this complicated. service xinetd reload and try using tftp.create an installable policy using grep tftp /var/log/audit/audit.log | audit2allow -M tftpwrite then install it using semodule -i tftpwrite.pp.If not, try writing and creating again to generate alerts in the audit log and try again. Make sure that the policy includes write and create lines. do grep tftp /var/log/audit/audit.log | audit2allow -m tftpwrite to create a selinux policy.touch a file in the directoy, chmod 666 it, and then via tftp localhost, try and overwrite the file. ![]() do a tftp localhost and try to put a file in the directory.make sure that the directory tftp will be writing to has 777 permissions.make sure your xinetd.d/tftpd has -c -v -s /tftpboot in the server args line.make sure you have audit installed in centos otherwise SELinux may not log anything!.Then open the configuration file using your favorite command line editor. After a few attempts it all started working - uploading, and creation of new files. To configure an FTP server, you need to take the backup of the main FTP configuration file /etc/vsftpd/nf using the following copy command. Followed the info at, paying particular attention to "rinse and repeat" in order to get the selinux policies in place. ![]()
0 Comments
Leave a Reply. |