[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: squid reverse proxy - AVC

From: Mail Lists <lists sapience com>
To: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Cc:
Subject: Re: squid reverse proxy - AVC
Date: Sun, 04 Jan 2009 15:29:46 -0500


 Apolagize I didnt list reply ...

trying again:

On 01/04/2009 02:38 PM, Daniel J Walsh wrote:
> > This looks like squid_t is searching a directory named etc which is
> > labeled named_conf_t?
> >
> > what does ls -ldZ /etc
> > say?

   # ls -ldZ /etc
drwxr-xr-x  root root system_u:object_r:etc_t:s0       /etc/

> >
> > Did you relabel /etc directory named_conf_t?

  nope - only thing I find with named_conf_t is /var/named/chroot

  I note that sealert does not always show the full path - be nice if it
did. In this case there are not a lot of directores called etc so its
not hard to find.

> >
> > Do you have squid running within some kind of named chroot?

  squid is not chrooted but of course bind is running in its
/var/named/chroot.

  This is a standard F10 install - i simply added to /etc/squid.conf
some acl's and a line to have it reverse proxy to DMZ web server like below

  http_port <EXT_IP>:80 vhost defaultsite=<webhostname>:80

Follow-Ups:
- Re: squid reverse proxy - AVC
  - From: David P. Quigley

References:
- squid reverse proxy - AVC
  - From: Mail Lists
- Re: squid reverse proxy - AVC
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]