fedora-selinux-list Digest, Vol 20, Issue 18
Daniel J Walsh
dwalsh at redhat.com
Thu Oct 27 13:31:04 UTC 2005
Jayendren Anand Maduray wrote:
> Hi!
>
> Just noticed more errors!
>
> Here is the output:
>
> audit(1130392269.590:0): avc: denied { append } for pid=3218
> exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
> scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
> tclass=file
> audit(1130392269.590:0): avc: denied { append } for pid=3218
> exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
> scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
> tclass=file
> audit(1130392270.019:0): avc: denied { getattr } for pid=3218
> exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav
> dev=hda8 ino=185872 scontext=user_u:system_r:squid_t
> tcontext=system_u:object_r:bin_t tclass=file
Looks like you labeled /var/log/squid incorrectly.

restorecon -R -v /var/log
>
>
> Also:
>
> [root at shiva jay]# ls -lZ /var/log/squid/
> -rw-r--r-- squid squid system_u:object_r:bin_t access.log
> -rw-r--r-- squid squid system_u:object_r:bin_t cache.log
> -rw-r--r-- squid squid system_u:object_r:bin_t squid.out
> -rw-r--r-- squid squid system_u:object_r:bin_t store.log
>
> [root at shiva jay]# service squid restart
>
> Stopping squid: /etc/init.d/squid: line 82: 5108
> Aborted $SQUID -k check >>/var/log/squid/squid.out 2>&1
> [FAILED]
> Starting squid: /etc/init.d/squid: line 53: 5109
> Aborted $SQUID $SQUID_OPTS >>/var/log/squid/squid.out
> 2>&1
> [FAILED]
>
> Please note that I re-enabled SELinux for squid via
> system-config-security in FC3.
>
> Any help will be appreciated.
>
> God bless.
>
>
> Daniel J Walsh wrote:
>
>> Jayendren Anand Maduray wrote:
>>
>>> Thanks for your help, again!
>>>
>>> Here is the output:
>>>
>>> [root at shiva jay]# chcon -t bin_t /usr/local/squidclamav/bin/*
>>> You have mail in /var/spool/mail/jay
>>> [root at shiva jay]#
>>> [root at shiva jay]# ls -lZ /usr/local/squidclamav/bin
>>> -rwxr-xr-x root root system_u:object_r:bin_t
>>> squidclamav
>>>
>>>
>>> I will reboot, and check the system as it starts up.
>>>
>>> Currently, I use system-config-securitylevel to re-enable squid.
>>>
>>> Which file can I edit to do this from the command line?
>>
>> setsebool and getsebool are command line tools for manipulating booleans
>>
>> setsebool -P squid_disable_trans=1
>>
>> Enables SELinux enforcement and writes this to the defaults file
>>
>> /etc/selinux/SELINUXTYPE/booleans.local
>>
>>
>
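The denials quoted in this thread can be triaged mechanically before relabeling. The following is an added example, not part of the original messages: it parses the wrapped, mail-quoted AVC records, collapses repeats, and flags targets whose type differs from the type expected for their directory. The function names and the EXPECTED table (including squid_log_t) are assumptions made for the example.

```python
import re
from collections import Counter

# Records copied from the message above, mail quoting and line wrapping included.
SAMPLE = """\
> audit(1130392269.590:0): avc: denied { append } for pid=3218
> exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
> scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
> tclass=file
> audit(1130392269.590:0): avc: denied { append } for pid=3218
> exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115
> scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t
> tclass=file
> audit(1130392270.019:0): avc: denied { getattr } for pid=3218
> exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav
> dev=hda8 ino=185872 scontext=user_u:system_r:squid_t
> tcontext=system_u:object_r:bin_t tclass=file
"""

# Assumption: directory -> type the loaded policy would assign. Fill this from
# `matchpathcon <path>` on the host; squid_log_t is not stated in the thread.
EXPECTED = {"/var/log/squid": "squid_log_t"}
RECORD = re.compile(r"avc:\s+denied\s+\{([^}]*)\}(.*?)(?=audit\(|$)")

def parse_avc(text):
    """Strip '>' quoting, rejoin wrapped lines, return one dict per denial."""
    flat = " ".join(re.sub(r"^[>\s]+", "", ln) for ln in text.splitlines())
    out = []
    for perms, rest in RECORD.findall(flat):
        rec = dict(re.findall(r"(\w+)=(\S+)", rest))
        rec["perms"] = tuple(perms.split())
        for k in ("scontext", "tcontext"):  # type is the third context field
            rec[k[0] + "type"] = (rec.get(k, "").split(":") + ["", "", ""])[2]
        out.append(rec)
    return out

def summarize(text):
    """Count repeats of (path, source type, target type, class, perms)."""
    return Counter((r.get("path", "?"), r["stype"], r["ttype"],
                    r.get("tclass", "?"), r["perms"]) for r in parse_avc(text))

def mislabeled(text):
    """Denied targets whose type differs from EXPECTED for their directory."""
    return sorted({(p, t, want) for (p, _, t, _, _) in summarize(text)
                   for d, want in EXPECTED.items()
                   if p.startswith(d + "/") and t != want})
```

On the sample, `mislabeled(SAMPLE)` reports only `/var/log/squid/squid.out` carrying `bin_t`, the same file the `restorecon -R -v /var/log` advice addresses.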