[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Understanding SELinux



On Sun, 2004-12-05 at 09:57 -0800, Tom London wrote:

> Dec  5 09:47:34 fedora kernel: audit(1102268854.527:0): avc:  denied 
> { write } for  pid=3455 exe=/bin/bash name=squid dev=hda2 ino=4457453
> scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t
> tclass=dir
> Dec  5 09:47:34 fedora kernel: audit(1102268854.527:0): avc:  denied 
> { add_name } for  pid=3455 exe=/bin/bash name=squid.out
> scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t
> tclass=dir

Is the squid init script messing around with the squid data?  It'd be
preferable if whatever it was doing was builtin squid functionality, so
we don't have to allow initrc_t those privilges.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]