selinux, squid

Paul Howarth paul at city-fan.org
Thu Aug 11 06:38:08 UTC 2005


On Thu, 2005-08-11 at 13:47 +0800, Richard Pannell wrote:
> 
> I am having problems running squid authentication (ntlm_auth) in FC4
> with selinux turned on. When I use setenforce 0 I have no problems.
> But with setenforce set to 1 it fails. So using "audit2allow -l
> -i /var/log/message" I got the following result
> 
> allow auditd_t initrc_t:unix_dgram_socket sendto;
> allow klogd_t device_t:sock_file write;
> allow klogd_t initrc_t:unix_dgram_socket sendto;
> allow rpcd_t etc_runtime_t:file read;
> allow rpcd_t proc_t:file read;
> allow rpcd_t samba_etc_t:dir search;
> allow rpcd_t samba_var_t:dir { getattr search };
> allow syslogd_t etc_runtime_t:file read;
> allow syslogd_t proc_t:file read;  
> 
> which I added
> to /etc/selinux/targeted/src/policy/domains/misc/local.te and ran   
> 
> make -C /etc/selinux/targeted/src/policy clean
> make -C /etc/selinux/targeted/src/policy load 

Do you get the same output from audit2allow after doing this?

Are you running auditd? If so, you should be looking
in /var/log/audit/audit.log rather than /var/log/messages for AVC
errors.

Paul.
-- 
Paul Howarth <paul at city-fan.org>
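
As an added illustration (not part of either poster's message, and not audit2allow's own code): a Python sketch of how AVC denial records in the audit.log format turn into `allow` rules like those quoted above, limited to records after the last policy load and optionally to one command. The sample log lines, the `squid_t` domain and the use of `type=MAC_POLICY_LOAD` as the reload marker are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format; not taken from the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1123742000.101:40): avc:  denied  { search } for  pid=2101 comm="ntlm_auth" name="samba" dev=dm-0 ino=1201 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:samba_etc_t tclass=dir
type=MAC_POLICY_LOAD msg=audit(1123742100.000:41): policy loaded auid=0
type=AVC msg=audit(1123742288.412:52): avc:  denied  { getattr } for  pid=2240 comm="ntlm_auth" name="winbindd_privileged" dev=dm-0 ino=1310 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:samba_var_t tclass=dir
type=AVC msg=audit(1123742288.413:53): avc:  denied  { search } for  pid=2240 comm="ntlm_auth" name="winbindd_privileged" dev=dm-0 ino=1310 scontext=system_u:system_r:squid_t tcontext=system_u:object_r:samba_var_t tclass=dir
type=AVC msg=audit(1123742301.007:54): avc:  denied  { read } for  pid=1777 comm="syslogd" name="mtab" dev=dm-0 ino=877 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:etc_runtime_t tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \} for\s+.*?comm="?(?P<comm>[^" ]+)"?'
    r'.*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)')


def denials_since_reload(log_text):
    """Return AVC denial matches logged after the last policy load record."""
    lines = log_text.splitlines()
    start = 0
    for i, line in enumerate(lines):
        if "type=MAC_POLICY_LOAD" in line:  # assumed reload marker
            start = i + 1
    return [m for m in map(AVC_RE.search, lines[start:]) if m]


def allow_rules(matches, comm=None):
    """Merge denials into allow rules; comm restricts to one command name."""
    grouped = defaultdict(set)
    for m in matches:
        if comm and m["comm"] != comm:
            continue
        # A context is user:role:type; the rule uses only the type field.
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    for rule in allow_rules(denials_since_reload(SAMPLE_AUDIT_LOG), comm="ntlm_auth"):
        print(rule)
```

Filtering on the command name separates denials caused by the helper under test from unrelated daemon noise before any rule is added to local.te.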