SELinux and Squid - Non-default squid http_port (!=3128)
Paul Howarth
paul at city-fan.org
Tue Aug 30 14:12:35 UTC 2005
Øyvind Stegard wrote:
> By 'squid_allow_any', I am assuming you mean 'squid_connect_any'. I
> tried this instead of 'squid_disable_trans', but that does not work.
That would allow squid to connect outbound to web servers running on
non-standard ports; it doesn't affect the port that squid can bind to
itself.
> I can only get squid up and running on http_port 64030 by setting
> 'squid_disable_trans'.
An alternative approach would be to install the policy sources and edit
/etc/selinux/targeted/src/policy/net_contexts, adding a line:

    portcon tcp 3128 system_u:object_r:http_cache_port_t

replacing 3128 with the port number you want to use.

Then do:

    # cd /etc/selinux/targeted/src/policy
    # rm policy.conf
    # make reload

Paul.
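
An added example, not part of the original message: a POSIX shell helper that appends the portcon line from the reply above only when no existing tcp entry already labels the port, exactly or through a LOW-HIGH range. The function name add_portcon and its return codes are assumptions made for illustration; the net_contexts path in the usage comment is the one given in the message.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the policy sources).
# Usage, as root, followed by the rebuild steps from the message:
#   add_portcon /etc/selinux/targeted/src/policy/net_contexts 64030

# add_portcon FILE PORT
#   returns 0 if the portcon line was appended,
#           1 if an existing tcp entry already covers PORT (nothing written),
#           2 on invalid input or an unwritable file.
add_portcon() {
    file=$1 port=$2

    # Accept only a plain decimal port number, 1-65535, no leading zero.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 2; }
    [ -w "$file" ] || { echo "cannot write $file" >&2; return 2; }

    # Find the first tcp portcon entry that names this port exactly or
    # covers it with a LOW-HIGH range; commented-out lines do not match.
    existing=$(awk -v p="$port" '
        $1 == "portcon" && $2 == "tcp" {
            n = split($3, r, "-")
            lo = r[1] + 0
            hi = (n == 2 ? r[2] + 0 : lo)
            if (p + 0 >= lo && p + 0 <= hi) { print; exit }
        }' "$file")

    if [ -n "$existing" ]; then
        # Adding a second label for the same port would conflict; report it.
        echo "port $port already labelled: $existing" >&2
        return 1
    fi

    # Same line as in the message, with the requested port substituted.
    printf 'portcon tcp %s system_u:object_r:http_cache_port_t\n' "$port" >> "$file"
}
```

A return code of 1 means the port already has a type in the policy source, so the existing entry should be reviewed instead of adding a second one.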