squid.te
Giuseppe Greco
giuseppe.greco at agamura.com
Sat Dec 11 10:44:09 UTC 2004
Thanks,
now I've added the following two lines
to /etc/selinux/targeted/src/policy/domains/program/squid.te:
allow { squid_t initrc_t } squid_log_t:dir create_dir_perms;
allow { squid_t initrc_t } squid_log_t:file create_file_perms;
... but I still get the following error message when restarting
squid:
Starting squid: audit(1102241826.255.0): avc: denied { getattr } for
pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
tclass=dir
audit(1102241826.255.0): avc: denied { getattr } for
pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2
scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
tclass=dir
I've also a similar problem with sendmail when accessed via
squirrelmail:
audit(1102761151.989:0): avc denied { search } for
pid=1841 exe=/usr/sbin/httpd name=spool dev=dm-6 ino=224002
scontext=user_u:system_r:httpd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
audit(1102761496.288:0): avc denied { getattr } for
pid=1841 exe=/usr/sbin/httpd path=/var/spool dev=dm-6 ino=224002
scontext=user_u:system_r:httpd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
I don't how to proceed...
j3d.
On Fri, 2004-12-10 at 06:40 -0800, Karsten Wade wrote:
> On Fri, 2004-12-10 at 14:23 +0100, Giuseppe Greco wrote:
> > ... sorry for my ignorance, but where are *.te files located?
> > I cannot find them...
>
> You have to have selinux-policy-<policyname>-sources (the policy source
> package) installed. Then you can find everything
> within /etc/selinux/<policyname>/src/policy. In this case, you
> want /etc/selinux/<policyname>/src/policy/domains/program/squid.te.
>
> - Karsten
> >
> > j3d.
> >
> > On Sun, 2004-12-05 at 11:11 -0800, Tom London wrote:
> > > Running strict/enforcing, latest Rawhide
> > >
> > > squid and initrc needs to create/write /var/log/squid/squid.out, etc
> > >
> > > Suggest adding:
> > > allow { squid_t initrc_t } squid_log_t:dir create_dir_perms;
> > > allow { squid_t initrc_t } squid_log_t:file create_file_perms;
> > >
> > > tom
--
----------------------------------------
Giuseppe Greco
::agamura::
phone: +41 (0)91 604 67 65
mobile: +41 (0)79 602 99 27
email: giuseppe.greco at agamura.com
web: www.agamura.com
----------------------------------------
More information about the fedora-selinux-list
mailing list