TFTP + CentOS 7 + SELinux

Welly, well, well…when in need of a TFTP server why not build your own, leave SELinux enabled, create a custom repo, fight against SELinux, find some help on the internets, and end up spending way too much time on what was supposed to be a quick task.

I’m sure this page will get four views in the next year but perhaps it’ll help someone looking to back up their Cisco switch config across the network. After running through this config on my test CentOS 7 VM I was able to copy the Cisco config back and forth to the /tftpdir/cisco directory as needed.

sudo yum install tftp-server xinetd -y

sudo firewall-cmd --permanent --add-service=tftp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all 

# /tftpdir itself stays non-writable, so TFTP copies to the root dir are refused; only the sub folder accepts uploads. Repeat for other folders as needed.
sudo mkdir /tftpdir
sudo mkdir /tftpdir/cisco
sudo chmod o+rwx /tftpdir/cisco/ 

# -e takes two plain paths (no regex): label /tftpdir like /var/lib/tftpboot
sudo semanage fcontext -a -e /var/lib/tftpboot /tftpdir
sudo semanage fcontext -a -t tftpdir_rw_t '/tftpdir(/.*)?'
sudo restorecon -vvRF /tftpdir

sudo vi /etc/xinetd.d/tftp
# Change server_args = -c -s /tftpdir
# Change disable = no

sudo vi /usr/lib/systemd/system/tftp.service
# original: ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
# update to: ExecStart=/usr/sbin/in.tftpd -c -s /tftpdir
# an update of the tftp-server package replaces this file, so re-check ExecStart afterwards
sudo systemctl daemon-reload

sudo systemctl enable tftp xinetd && sudo systemctl start tftp xinetd && systemctl status tftp xinetd
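
A quick check of the layout this procedure aims for (in.tftpd confined with -s, only the sub folder world-writable), as an added example that is not part of the original post. The function names are made up here, and the script assumes the flags are written separately ("-c -s") as above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the in.tftpd arguments
# and the permissions of the TFTP tree they point at.

# check_tftpd_args "<ExecStart= or server_args line>"
# Prints: secure=<yes|no> create=<yes|no> root=<dir>
check_tftpd_args() {
    local args="${1#*=}" secure=no create=no root="" w
    for w in $args; do
        case $w in
            */in.tftpd)  ;;                      # the daemon binary, not the root
            -s|--secure) secure=yes ;;           # chroot into the TFTP directory
            -c|--create) create=yes ;;           # clients may create new files
            /*) if [ -z "$root" ]; then root=$w; fi ;;
        esac
    done
    echo "secure=$secure create=$create root=$root"
}

# writable_dirs ROOT: directories under ROOT (ROOT itself is ".") writable by "other".
writable_dirs() {
    (cd "$1" && find . -type d -perm -0002 | sort)
}

# audit_tftp "<config line>" [ROOT]   (ROOT overrides the parsed path, for testing)
# Returns non-zero if -s is missing or the TFTP root itself is world-writable.
audit_tftp() {
    local summary root d status=0
    summary=$(check_tftpd_args "$1")
    root="${2:-${summary##*root=}}"
    case $summary in
        *secure=no*) echo "FAIL: in.tftpd is not started with -s"; status=1 ;;
    esac
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "FAIL: TFTP root '$root' not found"; return 1
    fi
    while IFS= read -r d; do
        case $d in
            "") ;;
            .)  echo "FAIL: $root itself is world-writable"; status=1 ;;
            *)  echo "NOTE: world-writable, uploads can land in $root/${d#./}" ;;
        esac
    done <<EOF
$(writable_dirs "$root")
EOF
    return $status
}
```

On the server, pass it the ExecStart= line from tftp.service or the server_args line from /etc/xinetd.d/tftp; the only NOTE expected after the steps above is for /tftpdir/cisco.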