squid reverse proxy - AVC

Mail Lists lists at sapience.com
Sun Jan 4 20:29:46 UTC 2009



 Apologize, I didn't list reply ...

trying again:

On 01/04/2009 02:38 PM, Daniel J Walsh wrote:
> > This looks like squid_t is searching a directory named etc which is
> > labeled named_conf_t?
> >
> > what does ls -ldZ /etc
> > say?

   # ls -ldZ /etc
drwxr-xr-x  root root system_u:object_r:etc_t:s0       /etc/

> >
> > Did you relabel /etc directory named_conf_t?

  nope - only thing I find with named_conf_t is /var/named/chroot

  I note that sealert does not always show the full path - be nice if it
did. In this case there are not a lot of directories called etc so it's
not hard to find.

> >
> > Do you have squid running within some kind of named chroot?

  squid is not chrooted but of course bind is running in its
/var/named/chroot.

  This is a standard F10 install - I simply added to /etc/squid.conf
some ACLs and a line to have it reverse proxy to DMZ web server like below

  http_port <EXT_IP>:80 vhost defaultsite=<webhostname>:80





More information about the fedora-selinux-list mailing list