[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: changing squid cache dir

From: Paul Howarth <paul city-fan org>
To: Wart <wart kobold org>
Cc: Fedora SELinux support list <fedora-selinux-list redhat com>
Subject: Re: changing squid cache dir
Date: Sun, 26 Nov 2006 16:47:52 +0000

On Fri, 2006-11-24 at 16:05 -0800, Wart wrote:
> I reconfigured my squid to use a cache directory on a filesystem with 
> more space (/space/squid/cache, and relabeled /space/squid and all of 
> its subdirectories with system_u:object_r:squid_cache_t.
> 
> Now I'm getting AVC denied messages[1] because it seems that squid wants 
> to read from /.
> 
> setroubleshoot says that I can run "setsebool -P read_default_t=1" to 
> remove this denial, but I'd rather find out why squid wants to read from 
> / and relabel files appropriately.  Any ideas?
> 
> --Wart
> 
> [1] avc: denied { search } for comm='"squid"' dev='sdb5' egid='0' 
> euid='0' exe='"/usr/sbin/squid"' exit='-13' fsgid='0' fsuid='0' gid='0' 
> items='0' name='"/"' pid='3114' scontext=system_u:system_r:squid_t:s0 
> sgid='0' subj='system_u:system_r:squid_t:s0' suid='0' tclass='dir' 
> tcontext=system_u:object_r:default_t:s0 tty='(none)' uid='0'

I suspect that the "/" here is the root directory of the filesystem,
most likely /space, and that this problem will go away if you do:

# chcon -t var_t /space

Paul.

Follow-Ups:
- Re: changing squid cache dir
  - From: Wart

References:
- changing squid cache dir
  - From: Wart

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]