tftp from home dir running under xinetd

Gene Smith gds at chartertn.net
Mon Jul 4 16:11:51 UTC 2011


Marcos Ortiz wrote, On 07/04/2011 02:02 AM:
> Can you show here the error in the log?
> Do you have SELinux enabled in enforcing mode?
> Try to do this: getsebool -a | grep tftpd to see all booleans related to
> this service.
>
> Regards

$ getsebool -a | grep tftp
tftp_anon_write --> off

I have set this bool to "on" via the selinux gui and it made no 
difference. (Also, I am not trying to write via tftp, just read.)

This is the error I see running in full enforcing mode and it 
occurs each time the remote host (a bdi2000 jtag emulator) attempts to 
read its configuration file using tftp from the fedora box.

Jul  4 00:36:33 wally xinetd[6013]: START: tftp pid=6706 from=192.168.1.21
Jul  4 00:36:33 wally in.tftpd[6706]: /home/gene/my_dir: Permission denied
Jul  4 00:36:33 wally xinetd[6013]: EXIT: tftp status=66 pid=6706 duration=0(sec)

When I change just the tftpd process to "permissive" using the selinux 
gui it fixes the problem.

Note: If I put the files read by the emulator in the "standard" 
location, /var/lib/tftpd, it works OK in full enforcing mode.

-gene

>
> On 07/04/2011 12:50 AM, Gene Smith wrote:
>> I can manually run a tftp server that allows access to files in a
>> directory under ~ with no problem. But when I try to run the server
>> under xinetd using the /etc/xinetd.d/tftp configuration file a
>> "permission denied" error shows up in /var/log/messages with no
>> indication it is selinux related. But if I make selinux permissive for
>> tftpd it then works.
>>
>> Is there a quick way to configure selinux to allow this type of tftp
>> access (just read-only) w/o resorting to a "permissive" setting?
>>
>> Thanks,
>> -gene
>>
>
> --
> Marcos Luís Ortíz Valmaseda
>   Software Engineer (UCI)
>   http://marcosluis2186.posterous.com
>   http://twitter.com/marcosluis2186
>
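
An added example, not part of the original message: the syslog line above gives no hint of SELinux because denials are recorded separately as AVC records in the audit log (by default /var/log/audit/audit.log when auditd is running). This Python sketch ties the `in.tftpd` "Permission denied" line to an AVC record by PID; the syslog lines are the ones quoted in the message, while the audit records and all their field values are constructed for illustration.

```python
import re

# Syslog lines as quoted in the message above.
SYSLOG = """\
Jul  4 00:36:33 wally xinetd[6013]: START: tftp pid=6706 from=192.168.1.21
Jul  4 00:36:33 wally in.tftpd[6706]: /home/gene/my_dir: Permission denied
Jul  4 00:36:33 wally xinetd[6013]: EXIT: tftp status=66 pid=6706 duration=0(sec)
"""
# Constructed audit records (assumed values, not taken from the poster's system).
AUDIT = """\
type=AVC msg=audit(1309739793.101:412): avc:  denied  { search } for  pid=6706 comm="in.tftpd" name="gene" dev=dm-1 ino=131073 scontext=system_u:system_r:tftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1309739800.007:413): avc:  denied  { read } for  pid=7001 comm="httpd" name="x" dev=dm-1 ino=9 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[\w.\-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AVC_RE = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$")

def denied_by_daemon(syslog, prog="in.tftpd"):
    """Return {pid: message} for 'Permission denied' lines logged by prog."""
    out = {}
    for line in syslog.splitlines():
        m = SYSLOG_RE.match(line)
        if m and m["prog"] == prog and "Permission denied" in m["msg"]:
            out[int(m["pid"])] = m["msg"]
    return out

def parse_avc(line):
    """Parse one AVC denial into a dict of its key=value fields, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    fields = {k: v.strip('"') for k, v in fields.items()}
    fields["perms"] = m["perms"].split()
    return fields

def explain(syslog, audit):
    """List (pid, perms, source type, target type, class) for each AVC denial
    whose PID also logged 'Permission denied' in syslog."""
    denied = denied_by_daemon(syslog)
    hits = []
    for line in audit.splitlines():
        avc = parse_avc(line)
        if avc and int(avc["pid"]) in denied:
            hits.append((int(avc["pid"]), avc["perms"],
                         avc["scontext"].split(":")[2],
                         avc["tcontext"].split(":")[2], avc["tclass"]))
    return hits

if __name__ == "__main__":
    for hit in explain(SYSLOG, AUDIT):
        print(hit)
```

A match on the daemon's PID shows which source type, target type and permission were involved, which is the information needed to decide on a narrower fix than making the whole domain permissive.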



