Squid cachemgr.cgi AVC denied
Lamont Peterson
lamont at gurulabs.com
Thu Apr 19 17:20:35 UTC 2007
On RHEL5 and FC6, I'm seeing an AVC denied message when trying to use
cachemgr.cgi:
type=AVC msg=audit(1177002702.300:787): avc: denied { search } for
pid=18199 comm="cachemgr.cgi" name="squid" dev=hda5 ino=346594
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:squid_conf_t:s0
tclass=dir
If I'm reading this correctly, the problem is that the policy doesn't allow
cachmgr.cgi to get it's /etc/squid/cachemgr.conf file because the /etc/squid/
directory (and the cachemgr.conf) file are labeled:
# ll -Zd /etc/squid/
drwxr-xr-x root root system_u:object_r:squid_conf_t /etc/squid/
# ll -Z /etc/squid/cachemgr.conf
-rw-r--r-- root squid
system_u:object_r:squid_conf_t /etc/squid/cachemgr.conf
Shall I file a bug for this or is it already known, fixed,
work-around-is-available?
--
Lamont Peterson <lamont at gurulabs.com>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]
NOTE: All messages from this email address should be digitally signed with my
0xDC0DD409 GPG key. It is available on the pgp.mit.edu keyserver as
well as other keyservers that sync with MIT's.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20070419/0402a666/attachment.sig>
More information about the fedora-selinux-list
mailing list