SELinux and Squid - Non-default squid http_port (!=3128)
Rahul Sundaram
sundaram at redhat.com
Sun Aug 28 02:12:34 UTC 2005
Øyvind Stegard wrote:
> Thomas Springer wrote:
>
>> Try this:
>>
>> # /usr/bin/system-config-securitylevel
>
> This box is headless, so I can't use graphical configuration tools.
> (can't get SSH X forwarding to work, either..)
>
>>
>> Find panel SELinux and change 'squid_allow_any' in category /Others.
>
> I ended up using 'setsebool', and set the key 'squid_disable_trans' to
> TRUE. What does this mean, disable domain transition, in SELinux lingo
> ? It works, at least. Haven't tried altering 'squid_allow_any'.
This would completely disable SELinux protection for squid.
squid_allow_any boolean is better. You can get SSH X forwarding by
reading the release notes
http://fedora.redhat.com/docs/release-notes/fc4/#id2503227
You can also use /etc/selinux/targeted/booleans to set SELinux booleans.
setsebool would only do that for the current session
regards
Rahul
More information about the fedora-list
mailing list