If SELinux blocks SFTP access for a chrooted user, try:
grep denied /var/log/audit/audit.log | audit2allow -M postgreylocal
This is what the generated postgreylocal module looks like; it grants permission to create, rename, remove and delete files and directories. Read it before installing: audit2allow's own comments mark which rules are already allowed by the current policy and which could be enabled with the ssh_chroot_rw_homedirs or ssh_chroot_full_access boolean instead of a custom module.
# postgreylocal: audit2allow-generated module letting the SSH/SFTP chroot
# domain (chroot_user_t) modify files and directories labelled user_home_t.
module postgreylocal 1.0;

require {
	type chroot_user_t;
	type user_home_t;
	class dir { add_name create remove_name rename rmdir write };
	class file { create link setattr unlink write };
}

#============= chroot_user_t ==============
# Rules audit2allow reported as already allowed by the loaded policy.
# Installing this module adds nothing for them; they are kept only so the
# module matches the denials recorded in audit.log.
allow chroot_user_t user_home_t:dir { add_name create remove_name write };
allow chroot_user_t user_home_t:file { create setattr write };

# Rules that are net-new grants. audit2allow noted that each of them can
# instead be enabled with the ssh_chroot_rw_homedirs or ssh_chroot_full_access
# boolean (setsebool -P), which keeps the grant inside the distribution policy
# rather than in a locally maintained module.
allow chroot_user_t user_home_t:dir { rename rmdir };
allow chroot_user_t user_home_t:file { link unlink };
After that, install the compiled module by running:
semodule -i postgreylocal.pp