[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[K12OSN] FC3 SELinux fixes for squidGuard




Hey folks,


A couple of people have reported that squidGuard does not work properly with a default K12LTSP 4.2.0 install. I have two different
fixes for this, a experiemental one and one that reduces security
a little bit.


If you don't want to be experimented upon, you can turn off SELinux
for just squid. Run system-config-securitylevel, select the SELinux
tab, select SELinux Service Protection, and then check Disable SELinux
protection for squid daemon. SquidGuard will now work, but squid &
squidGuard won't be protected by SELinux.

If you are feeling brave, I built squidGuard packages that try to patch-up the SELinux policies. The jury is still out on whether or
not it is a good fix, but it does seem to work so I thought I'd upload
it so others could eyeball it as well.


What I did was:

1) require the selinux-policy-targeted-sources package
2) extend the squid policy source by adding the following two files:
	/etc/selinux/targeted/src/policy/domains/program/squidguard.te
	/etc/selinux/targeted/src/policy/file_contexts/program/squidguard.fc
3) in the post-install portion of the squidGuard rpm:
	a) /var/squidGuard and /var/log/squidGuard are labled
    b) the policy is rebuilt and reloaded


If you want to be a guinea pig, you can grab the test package at:


ftp://k12linux.mesd.k12.or.us/pub/K12LTSP/testing/RPMS/

-Eric


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]