Understanding SELinux
Tom London
selinux at gmail.com
Mon Dec 6 20:24:22 UTC 2004
On Mon, 06 Dec 2004 13:19:51 -0500, Colin Walters <walters at redhat.com> wrote:
> On Sun, 2004-12-05 at 09:57 -0800, Tom London wrote:
> Is the squid init script messing around with the squid data? It'd be
> preferable if whatever it was doing was builtin squid functionality, so
> we don't have to allow initrc_t those privilges.
>
I agree, but the files (e.g., /var/log/squid/squid.out)
seem created in the script.
Here is a line from /etc/init.d/squid:
$SQUID -z -F -D >> /var/log/squid/squid.out 2>&1
So the script running as initrc_t is creating the file on the
first run, and opening it for output thereafter, no?
After that its written by squid_t.
tom
--
Tom London
More information about the fedora-selinux-list
mailing list