Help with squid / squidGuard
Arthur Dent
selinux.list at troodos.demon.co.uk
Thu Feb 5 18:42:50 UTC 2009
Hello all,
Still on my mission to clean up any unnecessary local policies I might
have mistakenly created, I have now turned my attention to my squid web
proxy.
I have a nightly script which downloads updated blacklists to be fed to
squidGuard. They are held in a variety of directories under
/var/squidGuard/blacklists/ and without my local policy I get avcs when
something tries to access one of these blacklist databases.
The proposed remedy of:
restorecon -v '/var/squidGuard/blacklists/blacklists/porn/domains.db'
made no difference.
When I do a ls -laZ on these directories I get a mixture of:
squid squid system_u:object_r:var_t:s0 and
squid squid unconfined_u:object_r:var_t:s0
Which should it be?
Should I build a chcon statement into the download script?
Audit2why said that the denial was caused by a "Missing type enforcement
(TE) allow rule."
and audit2allow produced this (which is the same as I had in my local
policy):
require {
    type squid_t;
}

#============= squid_t ==============
files_rw_var_files(squid_t)
Should I just stick with my local policy, or fix something else?
Thanks
Mark
p.s. Happy to post the whole avc(s) if required...
More information about the fedora-selinux-list
mailing list