[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: squid reverse proxy - AVC

From: "David P. Quigley" <dpquigl tycho nsa gov>
To: Mail Lists <lists sapience com>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: squid reverse proxy - AVC
Date: Mon, 05 Jan 2009 10:30:53 -0500

On Sun, 2009-01-04 at 15:29 -0500, Mail Lists wrote:
> 
>  Apolagize I didnt list reply ...
> 
> trying again:
> 
> On 01/04/2009 02:38 PM, Daniel J Walsh wrote:
> > > This looks like squid_t is searching a directory named etc which is
> > > labeled named_conf_t?
> > >
> > > what does ls -ldZ /etc
> > > say?
> 
>    # ls -ldZ /etc
> drwxr-xr-x  root root system_u:object_r:etc_t:s0       /etc/
> 
> > >
> > > Did you relabel /etc directory named_conf_t?
> 
>   nope - only thing I find with named_conf_t is /var/named/chroot
> 
>   I note that sealert does not always show the full path - be nice if it
> did. In this case there are not a lot of directores called etc so its
> not hard to find.

The directory you are trying to access is etc but not /etc
under /var/named/chroot there is an etc directory in there for the
chroot which is labeled with named_conf_t. It might be good for us to
have this labeled with etc_t instead. There are several directories
under the chroot which should probably be given their properly labeling.

Dave

References:
- squid reverse proxy - AVC
  - From: Mail Lists
- Re: squid reverse proxy - AVC
  - From: Daniel J Walsh
- Re: squid reverse proxy - AVC
  - From: Mail Lists

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]