[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: squid denial on F11 for var_run_t

From: Paul Howarth <paul city-fan org>
To: Scott Radvan <sradvan redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: squid denial on F11 for var_run_t
Date: Mon, 15 Jun 2009 07:19:39 +0100

On Mon, 15 Jun 2009 13:47:08 +1000
Scott Radvan <sradvan redhat com> wrote:

> Hi list,
> 
> 
> 
> As many of you know I am working on a Managing Confined Services guide
> for Fedora. 
> 
> Having set up a simple squid environment on Fedora 11, with minimal
> and default settings in squid.conf (http_port 3128 as allowed by
> semanage, and a default cache_dir), I was able to create the cache
> directory structure, but I got a denial when actually starting squid
> for the first time (I assume this happens as it attempts to create
> its pid in /var/run):

What's happening here is a denial for *reading* /var/run/squid.pid,
which is of type var_run_t. Now in Fedora 11 this file should be
labelled squid_var_run_t, and that's what it is labelled on two Fedora
11 boxes freshly installed here. It seems there's a labelling problem
on your system. Can you post the output of "ls -lZa /var/run"? Is your
system a fresh install or an upgrade?

Paul.

Follow-Ups:
- Re: squid denial on F11 for var_run_t
  - From: Scott Radvan

References:
- squid denial on F11 for var_run_t
  - From: Scott Radvan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]