What version of policy are you using? rpm -q selinux-policy-targeted The avc you are reporting is allowed in current policy grep -r squid_t.*bin_t policy.conf allow squid_t { lib_t squid_exec_t bin_t sbin_t shell_exec_t } :file { { read getattr lock execute ioctl } execute_no_trans }; --