Squid cachemgr.cgi AVC denied
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 19 18:06:19 UTC 2007
Lamont Peterson wrote:
> On RHEL5 and FC6, I'm seeing an AVC denied message when trying to use
> cachemgr.cgi:
>
> type=AVC msg=audit(1177002702.300:787): avc: denied { search } for
> pid=18199 comm="cachemgr.cgi" name="squid" dev=hda5 ino=346594
> scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:squid_conf_t:s0
> tclass=dir
>
> If I'm reading this correctly, the problem is that the policy doesn't allow
> cachemgr.cgi to get its /etc/squid/cachemgr.conf file because the /etc/squid/
> directory (and the cachemgr.conf file) are labeled:
>
> # ll -Zd /etc/squid/
> drwxr-xr-x root root system_u:object_r:squid_conf_t /etc/squid/
> # ll -Z /etc/squid/cachemgr.conf
> -rw-r--r-- root squid system_u:object_r:squid_conf_t /etc/squid/cachemgr.conf
>
> Shall I file a bug for this or is it already known, fixed,
> work-around-is-available?
>
>
Please update to the latest selinux-policy. This should work there.
yum -y update selinux-policy
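Added example, not part of the original thread: a small parser for the AVC record quoted above, which pulls out the source domain, target type, object class and permission, and renders the type-enforcement rule the denial corresponds to, for diagnosis only. The function names (parse_avc, split_context, missing_rule) are this example's own, and SAMPLE is the thread's record joined onto one line.

```python
import re
from datetime import datetime, timezone

# The denial quoted in the message above, joined onto one line.
SAMPLE = ('type=AVC msg=audit(1177002702.300:787): avc: denied { search } for '
          'pid=18199 comm="cachemgr.cgi" name="squid" dev=hda5 ino=346594 '
          'scontext=root:system_r:httpd_t:s0 '
          'tcontext=system_u:object_r:squid_conf_t:s0 tclass=dir')

HEADER = re.compile(
    r'msg=audit\((\d+)\.\d+:\d+\):\s+avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    """Split user:role:type[:level]; an MLS level may itself contain colons."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % ctx)
    return dict(zip(('user', 'role', 'type', 'level'), parts))

def parse_avc(line):
    """Return decision, permissions and key=value fields of one AVC record."""
    line = ' '.join(line.split())  # undo mail or terminal line wrapping
    head = HEADER.search(line)
    if head is None:
        raise ValueError('no AVC header found')
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    for required in ('scontext', 'tcontext', 'tclass'):
        if required not in fields:
            raise ValueError('missing field: ' + required)
    return {
        'time': datetime.fromtimestamp(int(head.group(1)), tz=timezone.utc),
        'decision': head.group(2),
        'perms': head.group(3).split(),
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
        'fields': fields,
    }

def missing_rule(avc):
    """Render the rule the denial corresponds to (diagnostic, not a fix)."""
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (avc['source']['type'], avc['target']['type'],
                                   avc['fields']['tclass'], perm_text)

if __name__ == '__main__':
    avc = parse_avc(SAMPLE)
    print(avc['time'].isoformat(), avc['fields']['comm'], missing_rule(avc))
```

For the record in this thread the rendered rule shows httpd_t lacking search on squid_conf_t directories, which matches the poster's reading of the labels on /etc/squid/.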