SELinux and Squid - Non-default squid http_port (!=3128)

Paul Howarth paul at city-fan.org
Tue Aug 30 14:12:35 UTC 2005


Øyvind Stegard wrote:
> By 'squid_allow_any', I am assuming you mean 'squid_connect_any'. I 
> tried this instead of 'squid_disable_trans', but that does not work.

That would allow squid to connect outbound to web servers running on 
non-standard ports; it doesn't affect the port that squid can bind to 
itself.

> I can only get squid up and running on http_port 64030 by setting 
> 'squid_disable_trans'.

An alternative approach would be to install the policy sources and edit 
/etc/selinux/targeted/src/policy/net_contexts, adding a line:

portcon tcp 3128  system_u:object_r:http_cache_port_t

replacing 3128 with the port number you want to use.

Then do:

# cd /etc/selinux/targeted/src/policy
# rm policy.conf
# make reload

Paul.
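
The net_contexts edit described in the message above can be scripted so that it is safe to repeat. This is an added example, not part of the original message and not part of the SELinux policy tooling; the function names portcon_lookup and add_squid_portcon are hypothetical, and it assumes port fields are either a single port or a low-high range.

```shell
#!/bin/sh
# Added example: idempotently append a portcon line for squid's http_port.
# The context string is the one given in the message; the helper names
# are hypothetical.

SQUID_PORT_CONTEXT="system_u:object_r:http_cache_port_t"

# portcon_lookup FILE PORT
# Print the context of the first "portcon tcp" entry in FILE that covers
# PORT, whether it is listed as a single port or as a low-high range.
portcon_lookup() {
    awk -v port="$2" '
        $1 == "portcon" && $2 == "tcp" {
            n  = split($3, r, "-")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) { print $4; exit }
        }' "$1"
}

# add_squid_portcon FILE PORT
# Returns 0 if the entry was added or was already present,
#         1 if PORT is not a valid TCP port,
#         2 if PORT is already covered by an entry with another type.
add_squid_portcon() {
    file=$1
    port=$2
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    existing=$(portcon_lookup "$file" "$port")
    if [ "$existing" = "$SQUID_PORT_CONTEXT" ]; then
        return 0    # already labelled for squid, nothing to do
    elif [ -n "$existing" ]; then
        # Do not silently relabel a port that policy assigns elsewhere.
        echo "tcp port $port is already labelled $existing" >&2
        return 2
    fi
    printf 'portcon tcp %s  %s\n' "$port" "$SQUID_PORT_CONTEXT" >> "$file"
}
```

After add_squid_portcon returns 0 for /etc/selinux/targeted/src/policy/net_contexts, the rm policy.conf and make reload steps from the message are still needed to load the change.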



