squid.te

[Daniel J Walsh]

Giuseppe Greco wrote:

>On Mon, 2004-12-13 at 09:26 -0500, Daniel J Walsh wrote:
>  
>
>>Giuseppe Greco wrote:
>>
>>    
>>
>>>Thanks,
>>>
>>>now I've added the following two lines
>>>to /etc/selinux/targeted/src/policy/domains/program/squid.te:
>>>
>>>allow { squid_t initrc_t } squid_log_t:dir create_dir_perms;
>>>allow { squid_t initrc_t } squid_log_t:file create_file_perms;
>>>
>>>... but I still get the following error message when restarting
>>>squid:
>>>
>>>Starting squid: audit(1102241826.255.0): avc: denied { getattr } for
>>> pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
>>> scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
>>> tclass=dir
>>>
>>>audit(1102241826.255.0): avc: denied { getattr } for
>>> pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2
>>> scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
>>> tclass=dir
>>>
>>>I've also a similar problem with sendmail when accessed via
>>>squirrelmail:
>>>
>>>audit(1102761151.989:0): avc denied { search } for
>>> pid=1841 exe=/usr/sbin/httpd name=spool dev=dm-6 ino=224002
>>> scontext=user_u:system_r:httpd_t
>>> tcontext=system_u:object_r:var_spool_t tclass=dir
>>>
>>>audit(1102761496.288:0): avc denied { getattr } for
>>> pid=1841 exe=/usr/sbin/httpd path=/var/spool dev=dm-6 ino=224002
>>> scontext=user_u:system_r:httpd_t
>>> tcontext=system_u:object_r:var_spool_t tclass=dir
>>>
>>>I don't how to proceed...
>>>j3d.
>>>
>>> 
>>>
>>>      
>>>
>>All of these should be covered by the latest policy files.   Have you 
>>updated your policy files?
>>
>>    
>>
>
>Yes, I'm up2date...
>j3d.
>  
>
What version of selinux-policy-targeted?

>  
>
>>Dan
>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>    
>>
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>  
>