Help with squid / squidGuard
Dominick Grift
domg472 at gmail.com
Thu Feb 5 19:50:39 UTC 2009
On Thursday 05-02-2009 at 18:42 [timezone +0000], Arthur Dent wrote:
> The proposed remedy of:
> restorecon -v '/var/squidGuard/blacklists/blacklists/porn/domains.db'
> made no difference.
>
> When I do a ls -laZ on these directories I get a mixture of:
> squid squid system_u:object_r:var_t:s0 and
> squid squid unconfined_u:object_r:var_t:s0

It looks like squidGuard owns /var/squidGuard but does not manage its
content with a private type.
Then later squid tries to interact with squidGuard's content there.
But the content is created with a generic type for var (var_t).

You can solve this issue by writing policy for squidGuard. You should
enforce squidGuard to manage its files using private types instead of
just using the generic var_t.
Then later, you can give squid access to that type.

Can you share your policy for squidGuard?
In which domain is the squidGuard process running? ps auxZ | grep squidguard.

The point is that squid_t is not allowed to read and write generic
content in /var.

hth

> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
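
One way to apply the approach in the reply above, as an added example that is not part of the original message or of any shipped squidGuard policy. The module name `squidguardlocal` and the type `squidguard_db_t` are made up for illustration, and the example assumes squidGuard runs as a squid helper in the `squid_t` domain:

```shell
#!/bin/sh
# Added example: local SELinux policy module for /var/squidGuard.
# Assumptions: module name "squidguardlocal" and type "squidguard_db_t" are
# hypothetical; squidGuard is assumed to run as a squid helper in squid_t.

# Write the type-enforcement (.te) and file-context (.fc) sources into $1.
write_policy() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/squidguardlocal.te" <<'EOF'
policy_module(squidguardlocal, 1.0.0)

gen_require(`
	type squid_t;
')

# Private type for squidGuard's blacklists and .db files (replaces var_t).
type squidguard_db_t;
files_type(squidguard_db_t)

# Give squid_t access to that private type only, not to generic var_t.
manage_dirs_pattern(squid_t, squidguard_db_t, squidguard_db_t)
manage_files_pattern(squid_t, squidguard_db_t, squidguard_db_t)
EOF
    cat > "$dir/squidguardlocal.fc" <<'EOF'
/var/squidGuard(/.*)?	gen_context(system_u:object_r:squidguard_db_t,s0)
EOF
}

# Build, load and relabel. Needs root and the SELinux policy development
# files (/usr/share/selinux/devel/Makefile).
install_policy() {
    dir=$1
    ( cd "$dir" && make -f /usr/share/selinux/devel/Makefile squidguardlocal.pp ) || return 1
    semodule -i "$dir/squidguardlocal.pp" || return 1
    restorecon -R -v /var/squidGuard
}

# Count entries in saved `ls -Z` output (file $1) still labelled var_t.
count_generic_var() {
    grep -c ':object_r:var_t:' "$1" || true
}
```

Once the directory is relabelled, files created in it later inherit `squidguard_db_t` from the parent directory, so `count_generic_var` on fresh `ls -laZ` output should report 0.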