[FC3] squid ftp blocked by selinux
Jurgen Kramer
gtm.kramer at inter.nl.net
Sat Jul 30 12:14:35 UTC 2005
On Sat, 2005-07-30 at 12:57 +0100, Paul Howarth wrote:
> On Sat, 2005-07-30 at 11:48 +0200, Jurgen Kramer wrote:
> > After the last selinux policy update I can no longer use squid to proxy
> > FTP transfers. dmesg shows lots of:
> >
> > audit(1122716171.029:8): avc: denied { name_connect } for pid=2553
> > comm="squid" dest=21 scontext=user_u:system_r:squid_t
> > tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> > audit(1122716171.129:9): avc: denied { name_connect } for pid=2553
> > comm="squid" dest=21 scontext=user_u:system_r:squid_t
> > tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> > audit(1122716171.229:10): avc: denied { name_connect } for pid=2553
> > comm="squid" dest=21 scontext=user_u:system_r:squid_t
> > tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> >
> > HTTP transfers still function fine. How can I fix this?
>
> Does this help?
>
> # setsebool -P squid_connect_any 1
Yep, that worked. Is this a workaround? Does it survive reboots?
Thanks.
Jurgen
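
Added example (not part of the original thread): a small Python parser that strips the mail quoting, rejoins the wrapped `avc: denied` records quoted above, and counts them per source type, target type, class, destination port and permission, so repeated denials collapse into one line to review before changing a boolean. The function names and the embedded sample, built from the three denials in the post, are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the three denials from the post, still carrying the
# "> > " quote prefixes and the line wrapping added by the mail client.
SAMPLE = """\
> > audit(1122716171.029:8): avc: denied { name_connect } for pid=2553
> > comm="squid" dest=21 scontext=user_u:system_r:squid_t
> > tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> > audit(1122716171.129:9): avc: denied { name_connect } for pid=2553
> > comm="squid" dest=21 scontext=user_u:system_r:squid_t
> > tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> > audit(1122716171.229:10): avc: denied { name_connect } for pid=2553
> > comm="squid" dest=21 scontext=user_u:system_r:squid_t
> > tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
"""

QUOTE = re.compile(r"^(?:>\s?)+")
RECORD = re.compile(r"audit\([\d.]+:(\d+)\):\s*avc:\s*denied\s*\{([^}]*)\}\s*for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Strip mail quoting and join wrapped lines into one string per record."""
    records = []
    for line in text.splitlines():
        line = QUOTE.sub("", line).strip()
        if line.startswith("audit("):
            records.append(line)          # start of a new audit record
        elif line and records:
            records[-1] += " " + line     # continuation of the previous one
    return records

def parse(record):
    """Return the key=value fields of one denial, or None if it is not one."""
    m = RECORD.search(record)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(3))}
    fields.update(serial=int(m.group(1)), perms=m.group(2).split())
    return fields

def summarize(text):
    """Count denials per (source type, target type, class, dest, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse, unwrap(text))):
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"], rec.get("dest"))
        for perm in rec["perms"]:
            counts[key + (perm,)] += 1
    return counts
```
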