[K12OSN] FC3 SELinux fixes for squidGuard
Eric Harrison
eharrison at mail.mesd.k12.or.us
Mon Jan 10 05:15:19 UTC 2005
Hey folks,
A couple of people have reported that squidGuard does not work
properly with a default K12LTSP 4.2.0 install. I have two different
fixes for this, an experimental one and one that reduces security
a little bit.
If you don't want to be experimented upon, you can turn off SELinux
for just squid. Run system-config-securitylevel, select the SELinux
tab, select SELinux Service Protection, and then check Disable SELinux
protection for squid daemon. SquidGuard will now work, but squid &
squidGuard won't be protected by SELinux.
If you are feeling brave, I built squidGuard packages that try to
patch up the SELinux policies. The jury is still out on whether or
not it is a good fix, but it does seem to work so I thought I'd upload
it so others could eyeball it as well.
What I did was:
1) require the selinux-policy-targeted-sources package
2) extend the squid policy source by adding the following two files:
   /etc/selinux/targeted/src/policy/domains/program/squidguard.te
   /etc/selinux/targeted/src/policy/file_contexts/program/squidguard.fc
3) in the post-install portion of the squidGuard rpm:
   a) /var/squidGuard and /var/log/squidGuard are labeled
   b) the policy is rebuilt and reloaded
If you want to be a guinea pig, you can grab the test package at:
ftp://k12linux.mesd.k12.or.us/pub/K12LTSP/testing/RPMS/
-Eric
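
A sketch of what the post-install step in item 3 could look like, added here as an example and not taken from the squidGuard package or from the author. The use of `restorecon` and `make load`, the rebuild-then-relabel order, the function names and the `DRY_RUN` switch are all assumptions; only the paths come from the message.

```shell
#!/bin/sh
# Added example: post-install helper for the squidGuard SELinux fix.
# Paths are the ones named in the message; everything else is hypothetical.

POLICY_SRC="${POLICY_SRC:-/etc/selinux/targeted/src/policy}"
LABEL_DIRS="${LABEL_DIRS:-/var/squidGuard /var/log/squidGuard}"

run() {
    # With DRY_RUN=1 only print the command, otherwise execute it.
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "would run: $*"
    else
        "$@"
    fi
}

squidguard_selinux_post() {
    te="$POLICY_SRC/domains/program/squidguard.te"
    fc="$POLICY_SRC/file_contexts/program/squidguard.fc"

    # Without selinux-policy-targeted-sources there is nothing to rebuild.
    if [ ! -f "$POLICY_SRC/Makefile" ]; then
        echo "policy sources not found in $POLICY_SRC" >&2
        return 2
    fi
    # Both policy extension files must be in place before rebuilding.
    for f in "$te" "$fc"; do
        if [ ! -f "$f" ]; then
            echo "missing policy file: $f" >&2
            return 3
        fi
    done

    # Assumed order: rebuild and reload the policy, then relabel the
    # squidGuard directories.
    run make -C "$POLICY_SRC" load || return 4
    for d in $LABEL_DIRS; do
        [ -d "$d" ] || continue
        run restorecon -R "$d" || return 5
    done
    return 0
}
```

Running `DRY_RUN=1 squidguard_selinux_post` after sourcing the file shows the commands without touching the loaded policy; `ls -Zd /var/squidGuard /var/log/squidGuard` afterwards shows the labels that were applied.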