SELinux, Squid and adzap

David Niemi drn_temp2 at rogers.com
Sun Jul 10 16:15:39 UTC 2005


I am trying to get squid to run as an accelerator and also do ad zapping
with Cameron Simpson's AdZap routine. I am getting lots of SELinux
errors for the zapping script to be run by squid and also for squid doing
something with swap.state and the swap log.

Setting the SELinux protection off for squid still results in the error
about the swap.state and swap log.

So it seems that I need to change something with the SELinux context for
squid and the adzap scripts but have no real idea how to go about it.  I
tried relabeling but that didn't do it.

What can I do to remedy this?

from messages
Jul 10 11:33:08 rhonda ntpd[2467]: frequency initialized -12.030 PPM
from /var/lib/ntp/drift
Jul 10 11:33:08 rhonda squid[2519]: Squid Parent: child process 2522
started
Jul 10 11:33:09 rhonda (squid): storeUfsDirOpenSwapLog: Failed to open
swap log.
Jul 10 11:33:09 rhonda squid[2519]: Squid Parent: child process 2522
exited due to signal 6
Jul 10 11:33:12 rhonda squid[2519]: Squid Parent: child process 2533
started
Jul 10 11:33:12 rhonda (squid): storeUfsDirOpenSwapLog: Failed to open
swap log.
Jul 10 11:33:12 rhonda squid[2519]: Squid Parent: child process 2533
exited due to signal 6
Jul 10 11:33:15 rhonda squid[2519]: Squid Parent: child process 2544
started
Jul 10 11:33:15 rhonda (squid): storeUfsDirOpenSwapLog: Failed to open
swap log.
Jul 10 11:33:15 rhonda squid[2519]: Squid Parent: child process 2544
exited due to signal 6
Jul 10 11:33:18 rhonda squid[2519]: Squid Parent: child process 2555
started
Jul 10 11:33:18 rhonda (squid): storeUfsDirOpenSwapLog: Failed to open
swap log.
Jul 10 11:33:18 rhonda squid[2519]: Squid Parent: child process 2555
exited due to signal 6
Jul 10 11:33:21 rhonda squid[2519]: Squid Parent: child process 2569
started
Jul 10 11:33:22 rhonda (squid): storeUfsDirOpenSwapLog: Failed to open
swap log.
Jul 10 11:33:22 rhonda squid[2519]: Squid Parent: child process 2569
exited due to signal 6
Jul 10 11:33:22 rhonda squid[2519]: Exiting due to repeated, frequent
failures

from audit
type=SYSCALL msg=audit(1121009601.928:43072): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfcc0670 a2=2318d0 a3=b7fb36a0 items=0
pid=2569 auid=4294967295 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23
sgid=23 fsgid=23 comm="squid" exe="/usr/sbin/squid"
type=AVC msg=audit(1121009601.928:43072): avc:  denied  { name_connect }
for  pid=2569 comm="squid" dest=32811 scontext=system_u:system_r:squid_t
tcontext=system_u:object_r:port_t tclass=tcp_socket
type=SOCKETCALL msg=audit(1121009601.929:43096): nargs=3 a0=7
a1=bfcc06ec a2=10
type=SOCKADDR msg=audit(1121009601.929:43096):
saddr=0200802D7F0000010000000000000000
type=SYSCALL msg=audit(1121009601.929:43096): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfcc0670 a2=2318d0 a3=b7fb36a0 items=0
pid=2569 auid=4294967295 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23
sgid=23 fsgid=23 comm="squid" exe="/usr/sbin/squid"
type=AVC msg=audit(1121009601.929:43096): avc:  denied  { name_connect }
for  pid=2569 comm="squid" dest=32813 scontext=system_u:system_r:squid_t
tcontext=system_u:object_r:port_t tclass=tcp_socket
type=SOCKETCALL msg=audit(1121009601.930:43120): nargs=3 a0=7
a1=bfcc06ec a2=10
type=SOCKADDR msg=audit(1121009601.930:43120):
saddr=0200802F7F0000010000000000000000
type=SYSCALL msg=audit(1121009601.930:43120): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfcc0670 a2=2318d0 a3=b7fb36a0 items=0
pid=2569 auid=4294967295 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23
sgid=23 fsgid=23 comm="squid" exe="/usr/sbin/squid"
type=AVC msg=audit(1121009601.930:43120): avc:  denied  { name_connect }
for  pid=2569 comm="squid" dest=32815 scontext=system_u:system_r:squid_t
tcontext=system_u:object_r:port_t tclass=tcp_socket
type=SOCKETCALL msg=audit(1121009601.930:43144): nargs=3 a0=7
a1=bfcc06ec a2=10
type=SOCKADDR msg=audit(1121009601.930:43144):
saddr=020080317F0000010000000000000000
type=SYSCALL msg=audit(1121009601.930:43144): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfcc0670 a2=2318d0 a3=b7fb36a0 items=0
pid=2569 auid=4294967295 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23
sgid=23 fsgid=23 comm="squid" exe="/usr/sbin/squid"
type=AVC msg=audit(1121009601.930:43144): avc:  denied  { name_connect }
for  pid=2569 comm="squid" dest=32817 scontext=system_u:system_r:squid_t
tcontext=system_u:object_r:port_t tclass=tcp_socket

from cache.log
2005/07/10 11:33:21| Starting Squid Cache version 2.5.STABLE9 for
i386-redhat-linux-gnu...
2005/07/10 11:33:21| Process ID 2569
2005/07/10 11:33:21| With 1024 file descriptors available
2005/07/10 11:33:21| DNS Socket created at 0.0.0.0, port 32775, FD 5
2005/07/10 11:33:21| Adding nameserver 24.153.22.67
from /etc/resolv.conf
2005/07/10 11:33:21| Adding nameserver 24.153.23.66
from /etc/resolv.conf
2005/07/10 11:33:21| helperOpenServers: Starting 5 'squid_redirect'
processes
2005/07/10 11:33:21| WARNING: Cannot run '/usr/local/bin/squid_redirect'
process.
2005/07/10 11:33:21| WARNING: Cannot run '/usr/local/bin/squid_redirect'
process.
2005/07/10 11:33:21| WARNING: Cannot run '/usr/local/bin/squid_redirect'
process.
2005/07/10 11:33:21| WARNING: Cannot run '/usr/local/bin/squid_redirect'
process.
2005/07/10 11:33:21| WARNING: Cannot run '/usr/local/bin/squid_redirect'
process.
2005/07/10 11:33:21| User-Agent logging is disabled.
2005/07/10 11:33:21| Referer logging is disabled.
2005/07/10 11:33:21| Unlinkd pipe opened on FD 10
2005/07/10 11:33:21| Swap maxSize 102400 KB, estimated 7876 objects
2005/07/10 11:33:21| Target number of buckets: 393
2005/07/10 11:33:21| Using 8192 Store buckets
2005/07/10 11:33:21| Max Mem  size: 8192 KB
2005/07/10 11:33:21| Max Swap size: 102400 KB
2005/07/10 11:33:21| /var/spool/squid/swap.state: (13) Permission denied
FATAL: storeUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 2.5.STABLE9): Terminated abnormally.
CPU Usage: 0.019 seconds = 0.006 user + 0.013 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

from squid.out
squid: ERROR: Could not send signal 0 to process 31876: (3) No such
process

/var/spool/
drwxr-x---  squid    squid    system_u:object_r:squid_cache_t  squid

/usr/local/bin/
[root@rhonda bin]# ls -alZ
drwxr-xr-x  root     root     system_u:object_r:bin_t          .
drwxr-xr-x  root     root     system_u:object_r:usr_t          ..
-rwxr-xr-x  root     root     system_u:object_r:bin_t          squid_redirect
-rwxr-xr-x  root     root     system_u:object_r:bin_t          wrapzap
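
Added example, not part of the original post: a short Python script that pairs each AVC denial in the audit excerpt with the SOCKADDR record carrying the same event ID and decodes the hex saddr, which shows where the denied connects were going. The function names are illustrative, and the sample records are copied from the post with the e-mail line wraps joined.

```python
import re
import socket
import struct

# Audit records from the post above, with the e-mail line wraps joined.
SAMPLE = """\
type=AVC msg=audit(1121009601.929:43096): avc:  denied  { name_connect } for  pid=2569 comm="squid" dest=32813 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=SOCKADDR msg=audit(1121009601.929:43096): saddr=0200802D7F0000010000000000000000
type=AVC msg=audit(1121009601.930:43120): avc:  denied  { name_connect } for  pid=2569 comm="squid" dest=32815 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=SOCKADDR msg=audit(1121009601.930:43120): saddr=0200802F7F0000010000000000000000
"""

AF_INET = 2  # Linux value of the address family in sockaddr_in
EVENT_RE = re.compile(r"msg=audit\(([\d.]+:\d+)\)")
AVC_RE = re.compile(
    r'denied\s+\{\s*([^}]+?)\s*\}.*?comm="([^"]+)".*?dest=(\d+)'
    r".*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")


def decode_saddr(hex_saddr):
    """Decode a sockaddr_in that auditd dumped as hex; None if not IPv4."""
    raw = bytes.fromhex(hex_saddr)
    if len(raw) < 8 or struct.unpack("<H", raw[:2])[0] != AF_INET:
        return None  # family is host order (little-endian on i386)
    port = struct.unpack("!H", raw[2:4])[0]  # port is network byte order
    return socket.inet_ntoa(raw[4:8]), port


def correlate(text):
    """Group records by audit event ID and merge the AVC and SOCKADDR fields."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        ev = events.setdefault(m.group(1), {})
        if line.startswith("type=AVC"):
            a = AVC_RE.search(line)
            if a:
                perm, comm, dest, sctx, tctx, tclass = a.groups()
                ev.update(perm=perm, comm=comm, dest=int(dest), tclass=tclass,
                          source_type=sctx.split(":")[2],
                          target_type=tctx.split(":")[2])
        elif line.startswith("type=SOCKADDR"):
            ev["peer"] = decode_saddr(line.split("saddr=", 1)[1].strip())
    return events


if __name__ == "__main__":
    for event_id, ev in correlate(SAMPLE).items():
        print(event_id, ev)
```
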
