Problems adding to targeted policy for a new cache directory for Squid

Joe Cooper joe at
Wed Feb 16 06:42:30 UTC 2005

Karsten Wade wrote:
> On Tue, 2005-02-15 at 02:04 -0600, Joe Cooper wrote:
>>Joe Cooper wrote:
>>also noticed that I'm actually getting slightly different labels than 
>>[root at localhost /]# ls -lZ /var/spool/squid
>>drwxr-xr-x  squid    squid    root:object_r:squid_cache_t      00
>>[root at localhost /]# ls -lZ /cache0
>>drwxr-xr-x  squid    squid    system_u:object_r:squid_cache_t  00
>>So I've got root:object_r:squid_cache_t for /var/spool/squid (the one 
>>that works) and system_u:object_r:squid_cache_t for the one that 
> That different field is for the SELinux identity, which doesn't come
> much into play for the targeted policy.
> You get 'system_u:object_r' when something has been created by a system
> process, you get 'root:object_r' when something has been created by the
> root user.  There is an actual SELinux user 'root' that corresponds to
> the Linux user 'root'.

Thanks for that explanation, Karsten.  Some of these things are starting 
to make a bit of sense now.  ;-)

More information about the fedora-selinux-list mailing list