Still svc: denied { getattr }...
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 3 15:39:26 UTC 2005
Giuseppe Greco wrote:
>Hi all,
>
>I've just updated my SELinux policies, but I still get the
>following error messages when restarting squid:
>
>audit(1104589130.341:0): avc: denied { getattr } for pid=2759
> exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
> scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
> tclass=dir
>audit(1104589130.342:0): avc: denied { getattr } for pid=2759
> exe=/usr/sbin/squid path=/tmp dev=hda1 ino=2
> scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
> tclass=dir
>
>
>
You can add these as dontaudit rules to policy. Looks like squid is just looking for what is in the / directory.
Adding the following to policy will eliminate these messages. (BTW they are harmless).
dontaudit squid_t { boot_t tmp_t }:dir getattr;
I will add these rules in selinux-policy-targeted-1.17.30-2.63
Dan
>Shouldn't these rules already have been fixed? What can I do to get
>squid finally working without complying?
>
>Thanks,
>j3d.
>
>
More information about the fedora-selinux-list
mailing list
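
An added example, not part of the original thread or of the selinux-policy project: a small Python script that parses AVC denial records like the two quoted above and merges them into a single dontaudit rule of the form given in the reply. The function names are hypothetical, and the sample log is the two denials from the post with the e-mail line wrapping removed. A dontaudit rule only silences the log message; the access itself stays denied.

```python
import re
from collections import defaultdict

# The two denials quoted in the post, with the e-mail line wrapping removed.
SAMPLE_LOG = """\
audit(1104589130.341:0): avc: denied { getattr } for pid=2759 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t tclass=dir
audit(1104589130.342:0): avc: denied { getattr } for pid=2759 exe=/usr/sbin/squid path=/tmp dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of user:role:type[:mls-level]."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return fields[2]

def parse_denials(log_text):
    """Yield (source_type, target_type, tclass, perms) per AVC denial line."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # lines that are not AVC denials are skipped
            yield (context_type(m["scon"]), context_type(m["tcon"]),
                   m["tclass"], frozenset(m["perms"].split()))

def brace(names):
    """Format one name bare, several names as a { ... } set."""
    names = sorted(names)
    return names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"

def dontaudit_rules(log_text):
    """Merge denials sharing source type, class and permission set."""
    grouped = defaultdict(set)
    for src, tgt, tclass, perms in parse_denials(log_text):
        grouped[(src, tclass, perms)].add(tgt)
    order = sorted(grouped, key=lambda k: (k[0], k[1], sorted(k[2])))
    return [f"dontaudit {k[0]} {brace(grouped[k])}:{k[1]} {brace(k[2])};"
            for k in order]

if __name__ == "__main__":
    for rule in dontaudit_rules(SAMPLE_LOG):
        print(rule)
```

The script emits a rule for every denial it sees, so each one still needs the same review as here (is the access actually unneeded?) before it goes into policy.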