Hello,
Tried that as well, I am using ~/selinux/local
After the change by chcon:
# ls -Z ~/selinux
drwxr-xr-x root root user_u:object_r:usr_t local
# ls -Z ~/selinux/local
-rw-r--r-- root root user_u:object_r:usr_t local.mod
-rw-r--r-- root root user_u:object_r:usr_t local.pp
-rw-r--r-- root root user_u:object_r:usr_t local.te
# semodule -i local.pp
libsemanage.semanage_commit_sandbox: Could not remove previous backup
/etc/selinux/targeted/modules/previous.
In fact I have now solved the issue.
It involves enabling the boolean as you suggested before:
# setsebool -P ftp_home_dir 1
# setsebool -P ftpd_is_daemon 1
Plus, changing the corresponding user home directory ACL to be less
restrictive than 0700 -> 0755
( thanks to Thomas Bleher for the hint )
--
Best regards,
Ketut Mahaindra (Ito)
"The race for perfection has no finish line"
-----Original Message-----
From: Paul Howarth
Sent: Thursday, May 11, 2006 2:53 PM
To: Ketut Mahaindra
Cc: fedora-selinux-list(a)redhat.com
Subject: RE: Allowing vsftpd access for user's home directory
On Thu, 2006-05-11 at 14:32 +0800, Ketut Mahaindra wrote:
> Hello,
> I tried your suggestion in conjunction with the FC5 SELinux FAQ:
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2958106
> So, I did the following:
> # audit2allow -m local -l -i /var/log/audit/audit.log
> Which gives me something like:
> module local 1.0;
> require {
> class capability { dac_override dac_read_search };
> type ftpd_t;
> };
> allow ftpd_t self:capability { dac_override dac_read_search };
> So, naturally I want it to be inside a file for compilation.
> Then I did:
> # audit2allow -m local -l -i /var/log/audit/audit.log > local.te
> # checkmodule -M -m -o local.mod local.te
> # semodule_package -o local.pp -m local.mod
> # semodule -i local.pp
> But, on that last step I get an error message "semodule: Could not read
> file 'local.pp':"
> It's strange, because the file local.pp is created normally by the
> semodule_package command.
> Did I miss anything?
Try this:
Move the files you've used for this process (the .te/.pp files etc.) to
a new, empty directory (I used /root/selinux.local) and change to that
directory. Then do:
# chcon -Rh -t usr_t .
Then try the semanage command again.
Paul.
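
Added example, not part of the original thread: the module audit2allow generated above only grants ftpd_t the dac_override and dac_read_search capabilities, which are the Linux capabilities for bypassing ordinary file permission checks, and the fix that worked in the thread was loosening the home directory mode and setting the booleans. The sketch below separates such capability denials from other AVC denials before anything is fed to audit2allow; the function name `triage` and the log lines are constructed for illustration.

```python
import re

# Capabilities that let a process bypass Unix (DAC) permission checks. A denial
# on one of these means the process first failed a normal mode/ownership check.
DAC_CAPS = {"dac_override", "dac_read_search"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+).*?'
    r'tclass=(?P<tclass>\S+)'
)

def triage(lines):
    """Split AVC denials into DAC-permission symptoms and other denials.

    Returns (dac, other); each entry is (comm, source_type, perms).
    """
    dac, other = [], []
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        perms = tuple(sorted(m.group("perms").split()))
        parts = m.group("scontext").split(":")
        domain = parts[2] if len(parts) > 2 else m.group("scontext")
        record = (m.group("comm"), domain, perms)
        is_dac = m.group("tclass") == "capability" and set(perms) & DAC_CAPS
        (dac if is_dac else other).append(record)
    return dac, other

# Constructed sample records (not taken from the thread's audit.log).
SAMPLE = [
    'type=AVC msg=audit(1147329120.101:45): avc:  denied  { dac_override } for  pid=2301 '
    'comm="vsftpd" capability=1 scontext=root:system_r:ftpd_t:s0 '
    'tcontext=root:system_r:ftpd_t:s0 tclass=capability',
    'type=AVC msg=audit(1147329120.102:46): avc:  denied  { dac_read_search } for  pid=2301 '
    'comm="vsftpd" capability=2 scontext=root:system_r:ftpd_t:s0 '
    'tcontext=root:system_r:ftpd_t:s0 tclass=capability',
    'type=AVC msg=audit(1147329125.300:47): avc:  denied  { search } for  pid=2301 '
    'comm="vsftpd" name="ito" dev=dm-0 ino=12345 scontext=root:system_r:ftpd_t:s0 '
    'tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1147329125.300:47): arch=40000003 syscall=12 success=no',
]

if __name__ == "__main__":
    dac, other = triage(SAMPLE)
    for comm, domain, perms in dac:
        print(f"{comm} ({domain}): {' '.join(perms)} denied -> check file modes/ownership first")
    for comm, domain, perms in other:
        print(f"{comm} ({domain}): {' '.join(perms)} denied -> review booleans/labels")
```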