fedora-selinux-list Digest, Vol 20, Issue 18

Jayendren Anand Maduray jayendren at hivsa.com
Thu Oct 27 06:20:23 UTC 2005


Hi!

Just noticed more errors!

Here is the output:

audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
audit(1130392270.019:0): avc:  denied  { getattr } for  pid=3218 exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8 ino=185872 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file


Also:

[root@shiva jay]# ls -lZ /var/log/squid/
-rw-r--r--  squid    squid    system_u:object_r:bin_t          access.log
-rw-r--r--  squid    squid    system_u:object_r:bin_t          cache.log
-rw-r--r--  squid    squid    system_u:object_r:bin_t          squid.out
-rw-r--r--  squid    squid    system_u:object_r:bin_t          store.log

[root@shiva jay]# service squid restart

Stopping squid: /etc/init.d/squid: line 82:  5108 Aborted                 $SQUID -k check >>/var/log/squid/squid.out 2>&1
                                                           [FAILED]
Starting squid: /etc/init.d/squid: line 53:  5109 Aborted                 $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
                                                           [FAILED]

Please note that I re-enabled SELinux for squid via 
system-config-security in FC3.

Any help will be appreciated.

God bless.


Daniel J Walsh wrote:

> Jayendren Anand Maduray wrote:
>
>> Thanks for your help, again!
>>
>> Here is the output:
>>
>> [root@shiva jay]# chcon -t bin_t /usr/local/squidclamav/bin/*
>> You have mail in /var/spool/mail/jay
>> [root@shiva jay]#
>> [root@shiva jay]# ls -lZ /usr/local/squidclamav/bin
>> -rwxr-xr-x  root     root     system_u:object_r:bin_t          squidclamav
>>
>>
>> I will reboot, and check the system as it starts up.
>>
>> Currently, I use system-config-securitylevel to re-enable squid.
>>
>> Which file can I edit to do this from the command line?
>
> setsebool and getsebool are command line tools for manipulating booleans
>
> setsebool -P squid_disable_trans=1
>
> Enables SELinux enforcement and writes this to the defaults file
>
> /etc/selinux/SELINUXTYPE/booleans.local
>
>

-- 
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
IT Administrator

Perinatal HIV Research Unit
Old Potch Road
Chris Hani Baragwanath Hospital
Soweto
South Africa

Tel: +27 11 989 9776
Tel: +27 11 989 9999
Fax: +27 11 938 3973
Cel: 082 22 774 94

Alternate email address: jayendren at mweb.co.za
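
An added example, not part of the original message or of any project code: a small Python parser for the AVC denial records quoted above. It rejoins mail-wrapped records, collapses repeats, and lists targets under /var/log whose type is bin_t (the label the `ls -lZ` output shows on the squid logs). The function names and the bin_t-under-/var/log heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: the three denials quoted in the message, wrapped as mailed.
SAMPLE = """\
audit(1130392269.590:0): avc:  denied  { append } for  pid=3218
exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
tclass=file
audit(1130392269.590:0): avc:  denied  { append } for  pid=3218
exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
tclass=file
audit(1130392270.019:0): avc:  denied  { getattr } for  pid=3218
exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8
ino=185872 scontext=user_u:system_r:squid_t
tcontext=system_u:object_r:bin_t tclass=file
"""

RECORD = re.compile(r"audit\(([\d.]+):\d+\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(text):
    """Return one dict per denial, rejoining records wrapped across lines."""
    joined = re.sub(r"\s*\n(?!audit\()", " ", text.strip())
    records = []
    for line in joined.splitlines():
        m = RECORD.match(line)
        if m:
            rec = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
            records.append({**rec, "ts": m.group(1), "perms": m.group(2).split()})
    return records

def type_of(context):
    return context.split(":")[2]  # contexts in these records are user:role:type

def summarize(records):
    """Count repeats of each (source type, permission, target type, class, path)."""
    counts = Counter()
    for r in records:
        for perm in r["perms"]:
            src, tgt = type_of(r["scontext"]), type_of(r["tcontext"])
            counts[(src, perm, tgt, r["tclass"], r.get("path", "?"))] += 1
    return counts

def mislabeled_logs(records, log_root="/var/log/", bad_type="bin_t"):
    """Assumed heuristic: a target under log_root labelled bin_t has the wrong type."""
    return sorted({r["path"] for r in records if r.get("path", "").startswith(log_root)
                   and type_of(r["tcontext"]) == bad_type})
```

`summarize(parse_avc(SAMPLE))` gives the deduplicated denials; for any path returned by `mislabeled_logs`, `restorecon -Rv /var/log/squid` resets the files to the types the loaded policy's file contexts assign.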



