squid reverse proxy - AVC
Mail Lists
lists at sapience.com
Sat Jan 3 05:36:05 UTC 2009
I use squid on the border firewall to act as a reverse proxy for a
non-https web server.
This is Fedora 10, fully updated, with SELinux set to permissive until
it's clean. I see this logged - any suggestions on how to deal with it?
Thanks for any help
gene
Summary:
SELinux is preventing squid (squid_t) "search" to ./etc (named_conf_t).
...
Source Context    unconfined_u:system_r:squid_t:s0
Target Context    system_u:object_r:named_conf_t:s0
Target Objects    ./etc [ dir ]
Source            squid
Source Path       /usr/sbin/squid
Port              <Unknown>
...
Raw Audit Messages
type=AVC msg=audit(1230675079.826:69): avc: denied { search }
for pid=4026 comm="squid" name="etc" dev=sda1 ino=207365
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:named_conf_t:s0 tclass=dir
type=SYSCALL msg=audit(1230675079.826:69): arch=40000003
syscall=11 success=no exit=-2 a0=bfcda538 a1=bfcd94fc a2=bfcda7e8
a3=1 items=0 ppid=4025 pid=4026 auid=500 uid=23 gid=23 euid=0 suid=0
fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) ses=2
comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0
key=(null)