Still svc: denied { getattr }...

Daniel J Walsh dwalsh at redhat.com
Mon Jan 3 15:39:26 UTC 2005


Giuseppe Greco wrote:

>Hi all,
>
>I've just updated my SELinux policies, but I still get the
>following error messages when restarting squid:
>
>audit(1104589130.341:0): avc: denied { getattr } for pid=2759
>  exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
>  scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
>  tclass=dir
>audit(1104589130.342:0): avc: denied { getattr } for pid=2759
>  exe=/usr/sbin/squid path=/tmp dev=hda1 ino=2
>  scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
>  tclass=dir
>
You can add these as dontaudit rules to policy.  Looks like squid is just looking for what is in the / directory.

Adding the following to policy will eliminate these messages.  (BTW they are harmless).

dontaudit squid_t { boot_t tmp_t }:dir getattr;

I will add these rules in selinux-policy-targeted-1.17.30-2.63

Dan

>Shouldn't these rules already have been fixed? What can I do to get
>squid finally working without complying?
>
>Thanks,
>j3d.
>  
>
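Added example, not part of the original post or of the selinux-policy package: a small Python parser that reads AVC denial lines like the two quoted above and groups them into candidate dontaudit rules for review, merging target types the same way the rule in the reply does. The function names and the sample log (the quoted denials joined onto single lines) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials quoted in the post, each joined onto one line.
SAMPLE_LOG = """\
audit(1104589130.341:0): avc: denied { getattr } for pid=2759 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t tclass=dir
audit(1104589130.342:0): avc: denied { getattr } for pid=2759 exe=/usr/sbin/squid path=/tmp dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a usable denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(1).split()
    # Tokens without '=' (e.g. pieces of a path containing spaces) are skipped.
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    try:
        # A context is user:role:type; index 2 is the type even if a level follows.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        return stype, ttype, fields["tclass"], perms
    except (KeyError, IndexError):
        return None

def _braced(items):
    """Render one name bare, several names as a '{ a b }' set."""
    items = sorted(items)
    return items[0] if len(items) == 1 else "{ " + " ".join(items) + " }"

def dontaudit_rules(log_text):
    """Merge denials sharing source type, class and permissions into one rule each."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            stype, ttype, tclass, perms = rec
            groups[(stype, tclass, frozenset(perms))].add(ttype)
    return sorted(f"dontaudit {s} {_braced(t)}:{c} {_braced(p)};"
                  for (s, c, p), t in groups.items())

if __name__ == "__main__":
    for rule in dontaudit_rules(SAMPLE_LOG):
        print(rule)
```

The output is a list of candidates to read before adding anything to policy, since a dontaudit rule silences the log entry without granting the access.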



