Re: Help with squid / squidGuard
- From: Dominick Grift <domg472 gmail com>
- To: Arthur Dent <selinux list troodos demon co uk>
- Cc: fedora-selinux-list redhat com
- Subject: Re: Help with squid / squidGuard
- Date: Thu, 05 Feb 2009 20:50:39 +0100
On Thursday 05-02-2009 at 18:42 [timezone +0000], Arthur Dent wrote:
> The proposed remedy of:
> restorecon -v '/var/squidGuard/blacklists/blacklists/porn/domains.db'
> made no difference.
>
> When I do a ls -laZ on these directories I get a mixture of:
> squid squid system_u:object_r:var_t:s0 and
> squid squid unconfined_u:object_r:var_t:s0
It looks like squidGuard owns /var/squidGuard but does not manage its
content with a private type.
Then later squid tries to interact with squidGuard's content there.
But the content is created with a generic type for var (var_t).
You can solve this issue by writing policy for squidGuard. You should
enforce squidGuard to manage its files using private types instead of
just using the generic var_t.
Then later, you can give squid access to that type.
Can you share your policy for squidGuard?
In which domain is the squidGuard process running? ps auxZ | grep
squidguard.
The point is that squid_t is not allowed to read and write generic
content in /var.
hth
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
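
Added example, not part of the original message and not policy from the Fedora project: a minimal local policy module of the kind the reply describes, giving /var/squidGuard a private type and granting squid access to it. The module name `local_squidguard` and the type `squidguard_db_t` are hypothetical, and squidGuard's own domain is unknown on this page, so only the squid_t side is written out.

```selinux
# local_squidguard.te  (hypothetical module name)
policy_module(local_squidguard, 1.0.0)

gen_require(`
	type squid_t;
')

# Private type for squidGuard's blacklist databases, replacing the
# generic var_t seen in the ls -laZ output. The type name is an assumption.
type squidguard_db_t;
files_type(squidguard_db_t)

# "Give squid access to that type": squid_t may create, read, write
# and delete directories and files carrying the private type.
manage_dirs_pattern(squid_t, squidguard_db_t, squidguard_db_t)
manage_files_pattern(squid_t, squidguard_db_t, squidguard_db_t)

# If squidGuard runs in its own domain rather than as a helper inside
# squid_t (check with: ps auxZ | grep squidguard), that domain needs the
# same two manage_*_pattern rules, with its type in place of squid_t.

# ---------------------------------------------------------------------
# local_squidguard.fc  (separate file, shown here as comments)
#
# /var/squidGuard(/.*)?	gen_context(system_u:object_r:squidguard_db_t,s0)
#
# This entry is what makes restorecon assign the private type; the
# restorecon run quoted above left the files as var_t.
# ---------------------------------------------------------------------
```

Build it with `make -f /usr/share/selinux/devel/Makefile`, load the resulting package with `semodule -i`, then run `restorecon -R -v /var/squidGuard` so existing files pick up the new type.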