SELinux blocks access via SFTP for chrooted user
You may want to install setroubleshoot; audit2allow is installed as part of that install.
If SELinux blocks access via SFTP for a chrooted user, try:
grep denied /var/log/audit/audit.log | audit2allow -M postgreylocal
This is what the postgreylocal module will look like; it gives permission to remove, rename, delete and create files/directories:
module postgreylocal 1.0;

require {
    type user_home_t;
    type chroot_user_t;
    class dir { rename write rmdir remove_name create add_name };
    class file { write create unlink link setattr };
}

#============= chroot_user_t ==============

#!!!! This avc can be allowed using one of the these booleans:
#     ssh_chroot_rw_homedirs, ssh_chroot_full_access
allow chroot_user_t user_home_t:dir { rename rmdir };

#!!!! This avc is allowed in the current policy
allow chroot_user_t user_home_t:dir { write remove_name create add_name };

#!!!! This avc can be allowed using one of the these booleans:
#     ssh_chroot_rw_homedirs, ssh_chroot_full_access
allow chroot_user_t user_home_t:file { unlink link };

#!!!! This avc is allowed in the current policy
allow chroot_user_t user_home_t:file { write create setattr };
After that, run:
semodule -i postgreylocal.pp
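
Because grep denied matches every denial in the audit log, the generated module can also pick up rules for unrelated services. The script below is an added example, not part of the original post: it keeps only denials from the chroot_user_t domain and lists what they would allow before a module is built. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: review what a set of denials would allow before building a module.
# Function names and sample log lines are constructed, not from the original post.

# Print only AVC denials whose source domain (3rd field of scontext) is $2.
filter_denials() {
    grep -E 'avc: +denied' "$1" | grep -E "scontext=[^: ]+:[^: ]+:$2:"
}

# Summarise those denials as unique "target_type:class permission" lines.
summarize_denials() {
    filter_denials "$1" "$2" | awk '{
        ttype = ""; tcls = ""; inb = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tcontext=/) { split($i, t, ":"); ttype = t[3] }
            if ($i ~ /^tclass=/)   { tcls = substr($i, 8) }
        }
        # Permissions are the words between "{" and "}".
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inb = 1; continue }
            if ($i == "}") { break }
            if (inb) print ttype ":" tcls, $i
        }
    }' | sort -u
}

# Write a constructed audit log to a temp file and print its path.
make_sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { rename } for  pid=2101 comm="sshd" name="old" scontext=unconfined_u:system_r:chroot_user_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1700000000.202:502): avc:  denied  { unlink } for  pid=2101 comm="sshd" name="a.txt" scontext=unconfined_u:system_r:chroot_user_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1700000000.303:503): avc:  denied  { read } for  pid=3300 comm="httpd" name="data" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
    printf '%s\n' "$f"
}

log=$(make_sample_log)
summarize_denials "$log" chroot_user_t   # the httpd_t denial is left out
rm -f "$log"
# On a real host, build the module from the filtered lines only:
#   filter_denials /var/log/audit/audit.log chroot_user_t | audit2allow -M postgreylocal
```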