Problems adding to targeted policy for a new cache directory for Squid
Karsten Wade
kwade at redhat.com
Wed Feb 16 05:49:00 UTC 2005
On Tue, 2005-02-15 at 02:04 -0600, Joe Cooper wrote:
> Joe Cooper wrote:
> also noticed that I'm actually getting slightly different labels than
> /var/spool/squid:
>
> [root at localhost /]# ls -lZ /var/spool/squid
> drwxr-xr-x squid squid root:object_r:squid_cache_t 00
> [root at localhost /]# ls -lZ /cache0
> drwxr-xr-x squid squid system_u:object_r:squid_cache_t 00
>
> So I've got root:object_r:squid_cache_t for /var/spool/squid (the one
> that works) and system_u:object_r:squid_cache_t for the one that
> doesn't,
That different field is for the SELinux identity, which doesn't come
much into play for the targeted policy.
You get 'system_u:object_r' when something has been created by a system
process, you get 'root:object_r' when something has been created by the
root user. There is an actual SELinux user 'root' that corresponds to
the Linux user 'root'.
- Karsten
--
Karsten Wade, RHCE * Sr. Tech Writer * http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
IT executives rate Red Hat #1 for value
http://www.redhat.com/promo/vendor/
More information about the fedora-selinux-list
mailing list