Giuseppe Greco wrote:
Thanks,
now I've added the following two lines
to /etc/selinux/targeted/src/policy/domains/program/squid.te:
allow { squid_t initrc_t } squid_log_t:dir create_dir_perms;
allow { squid_t initrc_t } squid_log_t:file create_file_perms;
... but I still get the following error message when restarting
squid:
Starting squid: audit(1102241826.255.0): avc: denied { getattr } for
pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2
scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t
tclass=dir
audit(1102241826.255.0): avc: denied { getattr } for
pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2
scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t
tclass=dir
I've also a similar problem with sendmail when accessed via
squirrelmail:
audit(1102761151.989:0): avc denied { search } for
pid=1841 exe=/usr/sbin/httpd name=spool dev=dm-6 ino=224002
scontext=user_u:system_r:httpd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
audit(1102761496.288:0): avc denied { getattr } for
pid=1841 exe=/usr/sbin/httpd path=/var/spool dev=dm-6 ino=224002
scontext=user_u:system_r:httpd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
I don't how to proceed...
j3d.
All of these should be covered by the latest policy files. Have you
updated your policy files?
Dan
