Hi Mrcos
(2011/02/01 0:31), Marcos Lois Bermúdez wrote:
> semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
>
> i check the files and are in the good context:
>
> drwxr-xr-x squid squid user_u:object_r:squid_cache_t .
**> drwxr-xr-x squid squid system_u:object_r:home_root_t ..
> drwxr-x--- squid squid user_u:object_r:squid_cache_t 00
> drwxr-x--- squid squid user_u:object_r:squid_cache_t 01
> ...
>
> But when i want start it i get this:
>
> type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
[root@localhost ~]# audit2allow -m squid
type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Ctl-D
module squid 1.0;
require {
type home_root_t;
type squid_t;
class dir search;
}
#============= squid_t ==============
allow squid_t home_root_t:dir search;
[root@localhost ~]#
It seems the directory '/home/squid' has 'home_root_t' type.
Change it to 'squid_cache_t'
# chcon -u system_u -r object_r -t squid_cache_t /home/squid
--Tsuyoshi.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
