SELinux and Squid - Non-default squid http_port (!=3128)
Daniel J Walsh
dwalsh at redhat.com
Tue Aug 30 14:41:07 UTC 2005
Paul Howarth wrote:
> Øyvind Stegard wrote:
>
>> By 'squid_allow_any', I am assuming you mean 'squid_connect_any'. I
>> tried this instead of 'squid_disable_trans', but that does not work.
>
>
> That would allow squid to connect outbound to web servers running on
> non-standard ports; it doesn't affect the port that squid can bind to
> itself.
>
>> I can only get squid up and running on http_port 64030 by setting
>> 'squid_disable_trans'.
>
>
> An alternative approach would be to install the policy sources and
> edit /etc/selinux/targeted/src/policy/net_contexts, adding a line:
>
> portcon tcp 3128 system_u:object_r:http_cache_port_t
>
> replacing 3128 with the port number you want to use.
>
> Then do:
>
> # cd /etc/selinux/targeted/src/policy
> # rm policy.conf
> # make reload
>
> Paul.
>
This is one of the features we are working on for FC5: how to allow
admins to customize ports, Ethernet devices, users and add their own
allow rules without requiring policy sources to be installed.
Currently you need to work off the policy-sources.
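
As an added example (not part of the original messages), the net_contexts edit Paul describes can be scripted so that it validates the port and is safe to re-run before `make reload`. The helper name `add_portcon` and its return codes are assumptions of this example, and only exact single-port entries are checked.

```shell
#!/bin/sh
# Added example (not from the thread): idempotently add the portcon line
# quoted above to a net_contexts file, before running "make reload".
# Assumption: only exact single-port entries are checked; port ranges
# already present in the file are not inspected.

PORTCON_CTX="system_u:object_r:http_cache_port_t"

# add_portcon FILE PORT  (hypothetical helper; return codes are this example's)
#   0 = line appended          1 = identical entry already present
#   2 = invalid port number    3 = port already has a different context
#   4 = FILE does not exist
add_portcon() {
    pc_file=$1
    pc_port=$2
    [ -f "$pc_file" ] || return 4
    # Digits only and no leading zero, so the value is plain decimal.
    case $pc_port in
        ''|0*|*[!0-9]*) return 2 ;;
    esac
    [ "${#pc_port}" -le 5 ] && [ "$pc_port" -le 65535 ] || return 2
    # Context of the first active (uncommented) entry for this TCP port.
    pc_have=$(awk -v p="$pc_port" \
        '$1 == "portcon" && $2 == "tcp" && $3 == p { print $4; exit }' \
        "$pc_file")
    if [ "$pc_have" = "$PORTCON_CTX" ]; then
        return 1
    elif [ -n "$pc_have" ]; then
        echo "tcp/$pc_port is already labeled $pc_have" >&2
        return 3
    fi
    # Do not glue the new entry onto an unterminated last line.
    [ -z "$(tail -c 1 "$pc_file")" ] || echo >> "$pc_file"
    printf 'portcon tcp %s %s\n' "$pc_port" "$PORTCON_CTX" >> "$pc_file"
}

# Usage: sh add_portcon.sh /etc/selinux/targeted/src/policy/net_contexts 64030
if [ "$#" -eq 2 ]; then
    add_portcon "$1" "$2"
fi
```

A return code of 3 means the port already carries another type in the file, which is worth reviewing by hand rather than overriding.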