SELinux and Squid - Non-default squid http_port (!=3128)

Thomas Springer th.springer at gmx.net
Sun Aug 28 01:36:20 UTC 2005


=== Date : Sun, 28 Aug 2005 03:06:53 +0200
=== From : Øyvind Stegard

> Hi,
> 
> I have a server box on which I haven't disabled selinux (for 
> experimentation purposes =). I'd like to change the default port on 
> which squid listens for HTTP requests. Changing it in the
> squid-config is trivial, but selinux then prevents squid from binding
> to the non-default port, I guess because it doesn't match what is set
> up in the selinux policy. Is there an easy way around this (except
> for not disabling selinux, I'm keeping it enabled to force myself to
> learn about it:). Do I have to recompile the selinux-policy (is this
> an easy thing to do?), just for this change ? Or can I just disable
> SELinux for squid only ?
> 
> Øyvind.

Try this:

# /usr/bin/system-config-securitylevel

Find panel SELinux and change 'squid_allow_any' in category /Others.

But maybe i misinterpreted this key. You have to find out. Others will
probably have more knowledge on this topic and help you.

Get documentaton here:

http://www.redhat.com/docs/manuals/enterprise/


Thomas





More information about the fedora-list mailing list