Understanding SELinux
Colin Walters
walters at redhat.com
Mon Dec 6 18:19:51 UTC 2004
On Sun, 2004-12-05 at 09:57 -0800, Tom London wrote:
> Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied
> { write } for pid=3455 exe=/bin/bash name=squid dev=hda2 ino=4457453
> scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t
> tclass=dir
> Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied
> { add_name } for pid=3455 exe=/bin/bash name=squid.out
> scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t
> tclass=dir
Is the squid init script messing around with the squid data? It'd be
preferable if whatever it was doing was builtin squid functionality, so
we don't have to allow initrc_t those privileges.