fedora-selinux-list Digest, Vol 20, Issue 18

Daniel J Walsh dwalsh at redhat.com
Thu Oct 27 13:31:04 UTC 2005


Jayendren Anand Maduray wrote:
> Hi!
>
> Just noticed more errors!
>
> Here is the output:
>
> audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
> audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
> audit(1130392270.019:0): avc:  denied  { getattr } for  pid=3218 exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8 ino=185872 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file

Looks like you labeled /var/log/squid incorrectly.

restorecon -R -v /var/log

>
>
> Also:
>
> [root@shiva jay]# ls -lZ /var/log/squid/
> -rw-r--r--  squid    squid    system_u:object_r:bin_t          access.log
> -rw-r--r--  squid    squid    system_u:object_r:bin_t          cache.log
> -rw-r--r--  squid    squid    system_u:object_r:bin_t          squid.out
> -rw-r--r--  squid    squid    system_u:object_r:bin_t          store.log
>
> [root@shiva jay]# service squid restart
>
> Stopping squid: /etc/init.d/squid: line 82:  5108 Aborted                 $SQUID -k check >>/var/log/squid/squid.out 2>&1
>                                                           [FAILED]
> Starting squid: /etc/init.d/squid: line 53:  5109 Aborted                 $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
>                                                           [FAILED]
>
> Please note that I re-enabled SELinux for squid via
> system-config-security in FC3.
>
> Any help will be appreciated.
>
> God bless.
>
>
> Daniel J Walsh wrote:
>
>> Jayendren Anand Maduray wrote:
>>
>>> Thanks for your help, again!
>>>
>>> Here is the output:
>>>
>>> [root@shiva jay]# chcon -t bin_t /usr/local/squidclamav/bin/*
>>> You have mail in /var/spool/mail/jay
>>> [root@shiva jay]#
>>> [root@shiva jay]# ls -lZ /usr/local/squidclamav/bin
>>> -rwxr-xr-x  root     root     system_u:object_r:bin_t          squidclamav
>>>
>>>
>>> I will reboot, and check the system as it starts up.
>>>
>>> Currently, I use system-config-securitylevel to re-enable squid.
>>>
>>> Which file can I edit to do this from the command line?
>>
>> setsebool and getsebool are command line tools for manipulating booleans
>>
>> setsebool -P squid_disable_trans=1
>>
>> Enables SELinux enforcement and writes this to the defaults file
>>
>> /etc/selinux/SELINUXTYPE/booleans.local
>>
>>
>
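
The denials quoted in this message fall into two groups: a log file carrying an executable's type, and an executable carrying bin_t that squid_t is still refused. The following is an added example, not part of the original thread, that parses those AVC lines and separates the two cases. The function names and the "bin_t only belongs in bin/ or sbin/" rule are assumptions made for illustration.

```python
import re
from collections import Counter

# The denials quoted in the message above, rejoined onto single lines.
SAMPLE_LOG = """\
audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
audit(1130392270.019:0): avc:  denied  { getattr } for  pid=3218 exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8 ino=185872 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
# Assumption made for this example only: bin_t is plausible solely on files
# that sit directly inside a bin/ or sbin/ directory.
BIN_DIR_RE = re.compile(r"/s?bin/[^/]+$")


def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = tuple(m.group("perms").split())
    # A context is user:role:type[:level]; type enforcement decides on the type.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side[0] + "type"] = parts[2] if len(parts) > 2 else "?"
    return rec


def triage(log_text):
    """Collapse repeated denials and say whether the label or the policy is suspect."""
    seen = Counter()
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        key = (rec["stype"], rec["ttype"], rec.get("tclass", "?"), rec["perms"], rec.get("path", "?"))
        seen[key] += 1
    results = []
    for (stype, ttype, tclass, perms, path), count in seen.items():
        mismatch = ttype == "bin_t" and not BIN_DIR_RE.search(path)
        results.append({"source": stype, "target": ttype, "class": tclass, "perms": perms,
                        "path": path, "count": count,
                        "verdict": "label-mismatch" if mismatch else "policy-review"})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["verdict"]:15} x{r["count"]} {r["source"]} -> {r["target"]}:{r["class"]} '
              f'{{{" ".join(r["perms"])}}} {r["path"]}')
```

The script does not consult the loaded policy; on a live system `restorecon -n -v` on the path reports what the file-context rules would change without changing it.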

