squid.te
Daniel J Walsh
dwalsh at redhat.com
Mon Dec 13 14:26:35 UTC 2004
Giuseppe Greco wrote:
>Thanks,
>
>now I've added the following two lines
>to /etc/selinux/targeted/src/policy/domains/program/squid.te:
>
>allow { squid_t initrc_t } squid_log_t:dir create_dir_perms;
>allow { squid_t initrc_t } squid_log_t:file create_file_perms;
>
>... but I still get the following error message when restarting
>squid:
>
>Starting squid: audit(1102241826.255.0): avc: denied { getattr } for
> pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
> scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
> tclass=dir
>
>audit(1102241826.255.0): avc: denied { getattr } for
> pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2
> scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
> tclass=dir
>
>I've also a similar problem with sendmail when accessed via
>squirrelmail:
>
>audit(1102761151.989:0): avc denied { search } for
> pid=1841 exe=/usr/sbin/httpd name=spool dev=dm-6 ino=224002
> scontext=user_u:system_r:httpd_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
>
>audit(1102761496.288:0): avc denied { getattr } for
> pid=1841 exe=/usr/sbin/httpd path=/var/spool dev=dm-6 ino=224002
> scontext=user_u:system_r:httpd_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
>
>I don't know how to proceed...
>j3d.
>
>
>
All of these should be covered by the latest policy files. Have you
updated your policy files?
Dan
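
Added example, not part of either message: a short Python script that parses the AVC denials quoted above, groups them by source type, target type and class, and renders each group in the allow-rule syntax used in squid.te, so the result can be compared with what the updated policy already grants. The function names and the unwrapped sample log are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the four denials quoted above, unwrapped, mail quoting removed.
SAMPLE_LOG = """\
audit(1102241826.255.0): avc: denied { getattr } for pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t tclass=dir
audit(1102241826.255.0): avc: denied { getattr } for pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir
audit(1102761151.989:0): avc denied { search } for pid=1841 exe=/usr/sbin/httpd name=spool dev=dm-6 ino=224002 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:var_spool_t tclass=dir
audit(1102761496.288:0): avc denied { getattr } for pid=1841 exe=/usr/sbin/httpd path=/var/spool dev=dm-6 ino=224002 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:var_spool_t tclass=dir
"""

# A record runs from "audit(" to the next "audit(" or end of input, so records
# wrapped over several lines still parse; the colon after "avc" is optional.
RECORD = re.compile(
    r"audit\(([\d.:]+)\):\s*avc:?\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=audit\(|\Z)", re.S)

def parse_avc(text):
    """Return one dict per denial: its key=value fields plus a 'perms' list."""
    denials = []
    for _stamp, perms, body in RECORD.findall(text):
        fields = dict(re.findall(r"(\w+)=(\S+)", body))
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record: skip it rather than guess
        fields["perms"] = perms.split()
        denials.append(fields)
    return denials

def group_denials(denials):
    """Map (source type, target type, class) -> set of denied permissions."""
    grouped = defaultdict(set)
    for d in denials:
        # The type is the third field of a user:role:type[:level] context.
        key = tuple(d[k].split(":")[2] for k in ("scontext", "tcontext")) + (d["tclass"],)
        grouped[key].update(d["perms"])
    return dict(grouped)

def candidate_rules(grouped):
    """Render each group as an allow rule, for review against the shipped policy."""
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(group_denials(parse_avc(SAMPLE_LOG)))))
```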