Understanding SELinux

Tom London selinux at gmail.com
Mon Dec 6 20:24:22 UTC 2004

On Mon, 06 Dec 2004 13:19:51 -0500, Colin Walters <walters at redhat.com> wrote:
> On Sun, 2004-12-05 at 09:57 -0800, Tom London wrote:

> Is the squid init script messing around with the squid data?  It'd be
> preferable if whatever it was doing was builtin squid functionality, so
> we don't have to allow initrc_t those privilges.

I agree, but the files (e.g., /var/log/squid/squid.out)
seem created in the script.

Here is a line from /etc/init.d/squid:
             $SQUID -z -F -D >> /var/log/squid/squid.out 2>&1

So the script running as initrc_t is creating the file on the
first run, and opening it for output thereafter, no?
After that its written by squid_t.


Tom London

More information about the fedora-selinux-list mailing list