squid.te

Giuseppe Greco giuseppe.greco at agamura.com
Mon Dec 13 15:12:08 UTC 2004 

On Mon, 2004-12-13 at 09:59 -0500, Daniel J Walsh wrote:
> Giuseppe Greco wrote:
> 
> >On Mon, 2004-12-13 at 09:26 -0500, Daniel J Walsh wrote:
> >  
> >
> >>Giuseppe Greco wrote:
> >>
> >>    
> >>
> >>>Thanks,
> >>>
> >>>now I've added the following two lines
> >>>to /etc/selinux/targeted/src/policy/domains/program/squid.te:
> >>>
> >>>allow { squid_t initrc_t } squid_log_t:dir create_dir_perms;
> >>>allow { squid_t initrc_t } squid_log_t:file create_file_perms;
> >>>
> >>>... but I still get the following error message when restarting
> >>>squid:
> >>>
> >>>Starting squid: audit(1102241826.255.0): avc: denied { getattr } for
> >>> pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
> >>> scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
> >>> tclass=dir
> >>>
> >>>audit(1102241826.255.0): avc: denied { getattr } for
> >>> pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2
> >>> scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
> >>> tclass=dir
> >>>
> >>>I've also a similar problem with sendmail when accessed via
> >>>squirrelmail:
> >>>
> >>>audit(1102761151.989:0): avc denied { search } for
> >>> pid=1841 exe=/usr/sbin/httpd name=spool dev=dm-6 ino=224002
> >>> scontext=user_u:system_r:httpd_t
> >>> tcontext=system_u:object_r:var_spool_t tclass=dir
> >>>
> >>>audit(1102761496.288:0): avc denied { getattr } for
> >>> pid=1841 exe=/usr/sbin/httpd path=/var/spool dev=dm-6 ino=224002
> >>> scontext=user_u:system_r:httpd_t
> >>> tcontext=system_u:object_r:var_spool_t tclass=dir
> >>>
> >>>I don't how to proceed...
> >>>j3d.
> >>>
> >>> 
> >>>
> >>>      
> >>>
> >>All of these should be covered by the latest policy files.   Have you 
> >>updated your policy files?
> >>
> >>    
> >>
> >
> >Yes, I'm up2date...
> >j3d.
> >  
> >
> What version of selinux-policy-targeted?
> 

The version is 1.17.30-2.39

j3d.

> >  
> >
> >>Dan
> >>
> >>--
> >>fedora-selinux-list mailing list
> >>fedora-selinux-list at redhat.com
> >>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >>    
> >>
> >
> >--
> >fedora-selinux-list mailing list
> >fedora-selinux-list at redhat.com
> >http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >  
> >
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the selinux mailing list