Re: selinux problem with squid and snmp_port in centos 5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 4/19/07, Stefan Held <obi@xxxxxxxxxxxxx> wrote:

Am Donnerstag, den 19.04.2007, 11:17 +0900 schrieb net foss:
> Hi all,

su -

cd ~

cp that one:
> type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102
> success=no exit=-13 a0=2 a1=bf880060 a2=81109f0 a3=bf88007c items=0
> ppid=15684 pid=15705 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0
> egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid"
> subj=user_u:system_r:squid_t:s0 key=(null)

into a file named: squid_snmp_audit.log

run: audit2allow -M squid_snmp -i squid_snmp_audit.log

after that:

semodule -i squid_snmp.pp



Thank you very much for you help, Stefan.
Everything I had to do with SELinux in CentOS 4.x (enforcing and
targeted mode) is only changing the context of web contents.
But now several different SELinux problems happen to my
CentOS 5 box. One of them is access denied when squid opens
snmp_port that I have described in previous mail. Another one
is access denied when squirrelmail connects to localhost:imap
(cyrus-imapd server here).  I think that I can apply your
suggested method to solve these problems.

I have another question. Must I make these rules again after
update the policy package or not (i.e. will the next updates of
selinux-policy package overwrite the manually edit rules or not?).


> Any hint to solve the problem is appreciated.

Greetings

--

 Stefan Held                    VI has only 2 Modes:
 obi unixkiste org              The first one is for beeping all the time,
 FreeNode: foo_bar              the second destroys the text.
---------------------------------------------------------------------------
Fedora Ambassador:                 http://fedoraproject.org/wiki/StefanHeld
---------------------------------------------------------------------------
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---------------------------------------------------------------------------
    GPG-Keyprint = 75C0 F029 CA71 F061 6C07  0640 38F7 E5F9 4EA5 A385

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos






--
NetFOSS
netfoss@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux