On Sun, 2004-12-05 at 09:57 -0800, Tom London wrote: > Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied > { write } for pid=3455 exe=/bin/bash name=squid dev=hda2 ino=4457453 > scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t > tclass=dir > Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied > { add_name } for pid=3455 exe=/bin/bash name=squid.out > scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t > tclass=dir Is the squid init script messing around with the squid data? It'd be preferable if whatever it was doing was builtin squid functionality, so we don't have to allow initrc_t those privilges.