tftp???

[Paul Howarth]

On Mon, 2005-09-12 at 20:49 -0400, Peter Arremann wrote:
> On Monday 12 September 2005 20:45, Daniel Vogel wrote:
> > [snip snip]
> >
> > >The default SELinux policy for tftpd does not support upload, so
> > >that<br>>could be the issue if you're >running SELinux.
> >
> > So, again... whats the point of selinux?
> > I have disabled it to make my machine work properly. When it was working
> > many things didn't run.
> >
> > I just still can't find the utility of it.
> Security always comes at the price of userfriendlyness. If you have a system 
> that is used for development, as a desktop or a test machine I've not found 
> much use for it either. If you on the other hand run a system as a server 
> with a workload that does not change often (i.e. running the same app over 
> and over again by different users) it gives you an additional layer of 
> security.

I run SELinux on all my boxes, including my desktop. It's not a big
hassle because the default targeted policy is aimed at the daemons,
leaving normal user operations running unconfined. If you can get the
daemons sorted out so that the SELinux policy matches the way you are
using them, it doesn't get in the way.

Daniel's issue is that he is using the tftp daemon in a way not
currently covered by policy. He doesn't appear to have the patience to
either tweak the policy to make it work for the way he's using the
system, or to raise the issue on the selinux list or in bugzilla. So
SELinux is not likely to get any better for him unless someone else has
the same issues and works them through, getting the necessary changes
made so that everyone benefits.

Paul.
-- 
Paul Howarth <paul at city-fan.org>