SELinux alerts
Brian Chadwick
brianchad at westnet.com.au
Sat Jan 26 08:55:08 UTC 2008
Colin Paul Adams wrote:
> I just installed (via yum) and started squid.
>
> I then noticed I had some SELinux alert
>
> Summary
> SELinux is preventing /usr/sbin/squid (squid_t) "read write" to socket
> (unconfined_t).
>
> Detailed Description
> SELinux denied access requested by /usr/sbin/squid. It is not expected that
> this access is required by /usr/sbin/squid and this access may signal an
> intrusion attempt. It is also possible that the specific version or
> configuration of the application is causing it to require additional access.
>
> Allowing Access
> You can generate a local policy module to allow this access - see
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context system_u:system_r:squid_t:s0
> Target Context system_u:system_r:unconfined_t:s0
> Target Objects socket [ unix_stream_socket ]
> Affected RPM Packages squid-2.6.STABLE17-1.fc8 [application]
> Policy RPM selinux-policy-3.0.8-44.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.catchall
> Host Name susannah.colina.demon.co.uk
> Platform Linux susannah.colina.demon.co.uk 2.6.23.1-42.fc8
> #1 SMP Tue Oct 30 13:18:33 EDT 2007 x86_64 x86_64
> Alert Count 1
> First Seen Sat 26 Jan 2008 06:39:04 GMT
> Last Seen Sat 26 Jan 2008 06:39:04 GMT
> Local ID b8ea13f6-922f-4bb8-a448-09e80221eb2a
> Line Numbers
>
> and additional similar alerts for sh (xdm), ntpd, and /usr/bin/gcin
>
> Is it safe to ignore these?
>
I run squid and ignore this message ... looks like something the Fedora
guys will fix eventually.
More information about the fedora-list
mailing list