procmail revisited, and now squid

Paul Howarth paul at city-fan.org
Mon Jan 21 12:24:52 UTC 2008


Gene Heskett wrote:
> Greetings;
> 
> The last policy update didn't fix my procmail problems yet, in fact it made 
> them worse cuz now I'm getting failure messages in its logfile that I wasn't 
> before.
> procmail, setroubleshoot output:
> Source Context:  system_u:system_r:procmail_t:s0
> Target Context:  unconfined_u:object_r:var_log_t:s0
> Target Objects:  None [ file ]
> Affected RPM Packages:  procmail-3.22-20.fc8 [application]
> Policy RPM:  selinux-policy-3.0.8-74.fc8
> Selinux Enabled:  True
> Policy Type:  targeted
> MLS Enabled:  True
> Enforcing Mode:  Enforcing
> Plugin Name:  plugins.mislabeled_file
> Host Name:  coyote.coyote.den
> Platform:  Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST 
> 2008 i686 athlon
> Alert Count:  3
> First Seen:  Sat 19 Jan 2008 01:50:20 AM EST
> Last Seen:  Sat 19 Jan 2008 05:09:16 AM EST
> Local ID:  3114f17d-0dc1-4453-ad4c-3b3548003cc4
> Line Numbers:  Raw 
> Audit Messages :
> avc: denied { append } for comm=procmail dev=dm-0 egid=500 euid=500 
> exe=/usr/bin/procmail exit=-13 fsgid=500 fsuid=500 gid=500 items=0 
> name=procmail.log pid=10138 scontext=system_u:system_r:procmail_t:s0 sgid=0 
> subj=system_u:system_r:procmail_t:s0 suid=500 tclass=file 
> tcontext=unconfined_u:object_r:var_log_t:s0 tty=(none) uid=500 
> 
> I note that the Last Seen time is before I did an autorelabel this morning.

Try running "restorecon -v procmail.log" (which is presumably in /var/log).

> And now, trying to set up squid, I'm failing that:
> 
> Source Context:  system_u:system_r:squid_t:s0
> Target Context:  system_u:object_r:var_spool_t:s0
> Target Objects:  None [ dir ]
> Affected RPM Packages:  squid-2.6.STABLE17-1.fc8 [application]
> Policy RPM:  selinux-policy-3.0.8-74.fc8
> Selinux Enabled:  True
> Policy Type:  targeted
> MLS Enabled:  True
> Enforcing Mode:  Enforcing
> Plugin Name:  plugins.mislabeled_file
> Host Name:  coyote.coyote.den
> Platform:  Linux coyote.coyote.den 2.6.24-rc8 #2 SMP Wed Jan 16 22:47:57 EST 
> 2008 i686 athlon
> Alert Count:  3
> First Seen:  Sat 19 Jan 2008 02:29:31 PM EST
> Last Seen:  Sat 19 Jan 2008 04:43:50 PM EST
> Local ID:  1eb62793-1368-45b9-b0c0-c117f10dafd4
> Line Numbers:  Raw 
> Audit Messages :
> avc: denied { write } for comm=squid dev=dm-0 egid=23 euid=23 
> exe=/usr/sbin/squid exit=-13 fsgid=23 fsuid=23 gid=23 items=0 name=squid 
> pid=17099 scontext=system_u:system_r:squid_t:s0 sgid=23 
> subj=system_u:system_r:squid_t:s0 suid=0 tclass=dir 
> tcontext=system_u:object_r:var_spool_t:s0 tty=pts9 uid=23 
> 
> For squid, I hand made its parent /var/spool/squid dir, and chowned it to 
> squid:squid but the exact same failure occurs as it is trying to set up its 
> cache dirs within that dir, so I gave it up.  Its log gets a new stanza of 
> this:
> 
> squid: ERROR: No running copy
> 2008/01/19 14:29:31| Creating Swap Directories
> FATAL: Failed to make swap directory /var/spool/squid/00: (13) Permission 
> denied
> Squid Cache (Version 2.6.STABLE17): Terminated abnormally.
> CPU Usage: 0.001 seconds = 0.001 user + 0.000 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> 
> for every time I attempt a 'service squid start'
> 
> Can we make these work please?  setroubleshooter's suggestions about running 
> restorecon are rather worthless without the rest of the command line as an 
> example cuz I have NDI what the file should be relabeled as.

restorecon -rv /var/spool/squid

It should be squid_cache_t.

Paul.
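
Added example, not part of the original message: a small Python triage helper that pulls the source domain, target type and object class out of the two AVC denials quoted above and builds the matching restorecon invocation (a `-n` dry run first, then the real relabel). The AVC strings are abridged copies of the quoted records; the function names and the path /var/log/procmail.log are assumptions (the reply only says the log is "presumably in /var/log").

```python
import re
import shlex

# Abridged copies of the two AVC records quoted in this thread
# (mail quoting and line wraps removed, some numeric fields dropped).
PROCMAIL_AVC = (
    "avc: denied { append } for comm=procmail dev=dm-0 egid=500 euid=500 "
    "exe=/usr/bin/procmail exit=-13 name=procmail.log pid=10138 "
    "scontext=system_u:system_r:procmail_t:s0 tclass=file "
    "tcontext=unconfined_u:object_r:var_log_t:s0"
)
SQUID_AVC = (
    "avc: denied { write } for comm=squid dev=dm-0 exe=/usr/sbin/squid "
    "exit=-13 name=squid pid=17099 scontext=system_u:system_r:squid_t:s0 "
    "tclass=dir tcontext=system_u:object_r:var_spool_t:s0"
)


def parse_avc(text):
    """Return the fields of one 'avc: denied' record as a dict."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", text)
    if m is None:
        raise ValueError("not an AVC denial")
    rec = {"perms": m.group(1).split()}
    # Remaining fields are key=value pairs; raw audit logs may quote values.
    for key, value in re.findall(r"(\w+)=(\S+)", text[m.end():]):
        rec[key] = value.strip('"')
    # A context is user:role:type[:level]; the type is the third field and
    # is what the targeted policy bases its allow rules on.
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        if len(parts) < 3:
            raise ValueError("missing or malformed " + key)
        rec[key + "_type"] = parts[2]
    return rec


def relabel_commands(rec, path):
    """Dry-run and real restorecon commands for the denied object.

    The AVC carries only the last path component (name=), so the caller
    supplies the full path. Directories are relabeled recursively.
    """
    flags = "-rv" if rec["tclass"] == "dir" else "-v"
    target = shlex.quote(path)
    return ["restorecon -n %s %s" % (flags, target),
            "restorecon %s %s" % (flags, target)]
```

For the squid record, the target type `var_spool_t` is the generic type the hand-made directory picked up, where the reply says the policy expects `squid_cache_t`; the dry-run command shows what restorecon would change before anything is relabeled.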