Problems adding to targeted policy for a new cache directory for Squid
Joe Cooper
joe at swelltech.com
Wed Feb 16 06:42:30 UTC 2005
Karsten Wade wrote:
> On Tue, 2005-02-15 at 02:04 -0600, Joe Cooper wrote:
>
>>Joe Cooper wrote:
>>also noticed that I'm actually getting slightly different labels than
>>/var/spool/squid:
>>
>>[root at localhost /]# ls -lZ /var/spool/squid
>>drwxr-xr-x squid squid root:object_r:squid_cache_t 00
>>[root at localhost /]# ls -lZ /cache0
>>drwxr-xr-x squid squid system_u:object_r:squid_cache_t 00
>>
>>So I've got root:object_r:squid_cache_t for /var/spool/squid (the one
>>that works) and system_u:object_r:squid_cache_t for the one that
>>doesn't,
>
>
> That different field is for the SELinux identity, which doesn't come
> much into play for the targeted policy.
>
> You get 'system_u:object_r' when something has been created by a system
> process, you get 'root:object_r' when something has been created by the
> root user. There is an actual SELinux user 'root' that corresponds to
> the Linux user 'root'.
Thanks for that explanation, Karsten. Some of these things are starting
to make a bit of sense now. ;-)
More information about the fedora-selinux-list
mailing list