Re: tftp???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Daniel Vogel wrote:
I run SELinux on all my boxes, including my desktop. It's not a big hassle because the default targeted policy is aimed at the daemons,leaving normal user operations running unconfined. If you can get the daemons sorted out so that the SELinux policy matches the way you are using them, it doesn't get in the way. Daniel's issue is that he is using the tftp daemon in a way not currently covered by policy. He doesn't appear to have the patience to either tweak the policy to make it work for the way he's using the system, or to raise the issue on the selinux list or in bugzilla. So SELinux is not likely to get any better for him unless someone else has the same issues and works them through, getting the necessary changes made so that everyone benefits.
First just let me say that i was asking about that, wasn't me who had problems with tftp.
But im not waiting for anybody to the job that belongs to me, i just wont use selinux until IT works properly. (why i have to disable it on a fresh install to make things work?). There are many people that just turns it off or downgrade it functions to make they'r things work instead of trying to fix it for 2 mainly reasons: 

we'r lazy, or we don't have the time to investigate it and try to fix it.
I insist, why i have to trust on something that i have to tweak to make it work properly on my computer? I mean, i don't know how to do it, will take me a lot of time to learn it, so i don't trust on my skills to do it, (therefore it don't think it'll work fine), so i just prefer to shut it down, or whatever, to make my services go outside.
And a last thing Paul, i think i need to know a lot more to give an opinion on how things can be improved. I appreciate a lot so many ppl helping others, but i don't feel the knoweledge to be one of thems. 

Sorry if I caused offence. No coffee before posting this morning.
Many things need to be configured before they work to your satisfaction. They may have a default configuration that will work for many people, but lots of people need to configure, say, samba, before it will work nicely in their environment. SELinux is no different. The default configuration, as with most security-related packages, is quite restrictive and needs to be tweaked (e.g. using setsebool) for many applications. It's just a case of getting familiar with it so that you know how to tweak it, just like with other packages.
The default configuration of SELinux is *never* going to support upload in tftp, I'm pretty sure of that. But a request on fedora-selinux-list or in bugzilla to allow this to be enabled would probably be treated sympathetically. 

Paul.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux