squid reverse proxy - AVC

David P. Quigley dpquigl at tycho.nsa.gov
Mon Jan 5 15:30:53 UTC 2009


On Sun, 2009-01-04 at 15:29 -0500, Mail Lists wrote:
> 
>  Apologize, I didn't list reply ...
> 
> trying again:
> 
> On 01/04/2009 02:38 PM, Daniel J Walsh wrote:
> > > This looks like squid_t is searching a directory named etc which is
> > > labeled named_conf_t?
> > >
> > > what does ls -ldZ /etc
> > > say?
> 
>    # ls -ldZ /etc
> drwxr-xr-x  root root system_u:object_r:etc_t:s0       /etc/
> 
> > >
> > > Did you relabel /etc directory named_conf_t?
> 
>   nope - only thing I find with named_conf_t is /var/named/chroot
> 
>   I note that sealert does not always show the full path - be nice if it
> did. In this case there are not a lot of directories called etc so it's
> not hard to find.

The directory you are trying to access is etc but not /etc.
Under /var/named/chroot there is an etc directory in there for the
chroot which is labeled with named_conf_t. It might be good for us to
have this labeled with etc_t instead. There are several directories
under the chroot which should probably be given their proper labeling.

Dave
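
Added example, not part of the original thread: an AVC record carries only the last path component in name=, but it also carries ino=, so the full path can be recovered by inode. The sample record is constructed (its pid, device and inode values are placeholders) and the function names are hypothetical.

```shell
#!/bin/sh
# Resolve the bare name= of an AVC denial to a full path using its ino= field.

# Constructed sample record: squid_t searching a dir labeled named_conf_t.
SAMPLE_AVC='type=AVC msg=audit(1231083000.000:1): avc:  denied  { search } for  pid=1234 comm="squid" name="etc" dev=dm-0 ino=123456 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:named_conf_t:s0 tclass=dir'

# Print the value of KEY from an AVC record, with surrounding quotes removed.
avc_field() {  # usage: avc_field KEY 'avc record'
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | tr -d '"' | head -n 1
}

# Print every path under ROOT (default /) that has the inode named in the record.
avc_resolve() {  # usage: avc_resolve 'avc record' [ROOT]
    ino=$(avc_field ino "$1")
    root=${2:-/}
    case $ino in
        ''|*[!0-9]*) echo "no usable ino= in record" >&2; return 1 ;;
    esac
    # Inode numbers are unique only per filesystem, so stay on one device.
    # Point ROOT at the mount point of the dev= named in the record.
    find "$root" -xdev -inum "$ino" 2>/dev/null
}
```

On an SELinux host, running `ls -dZ` on each path printed by `avc_resolve` shows which one carries the type reported in tcontext=.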
