[K12OSN] FC3 SELinux fixes for squidGuard

Eric Harrison eharrison at mail.mesd.k12.or.us
Mon Jan 10 05:15:19 UTC 2005

Hey folks,

A couple of people have reported that squidGuard does not work 
properly with a default K12LTSP 4.2.0 install. I have two different
fixes for this, a experiemental one and one that reduces security
a little bit.

If you don't want to be experimented upon, you can turn off SELinux
for just squid. Run system-config-securitylevel, select the SELinux
tab, select SELinux Service Protection, and then check Disable SELinux
protection for squid daemon. SquidGuard will now work, but squid &
squidGuard won't be protected by SELinux.

If you are feeling brave, I built squidGuard packages that try to 
patch-up the SELinux policies. The jury is still out on whether or
not it is a good fix, but it does seem to work so I thought I'd upload
it so others could eyeball it as well.

What I did was:

1) require the selinux-policy-targeted-sources package
2) extend the squid policy source by adding the following two files:
3) in the post-install portion of the squidGuard rpm:
 	a) /var/squidGuard and /var/log/squidGuard are labled
     b) the policy is rebuilt and reloaded

If you want to be a guinea pig, you can grab the test package at:



More information about the K12OSN mailing list