Giuseppe Greco wrote:
You can add these as dontaudit rules to policy. Looks like squid is just looking forHi all,
I've just updated my SELinux policies, but I still get the following error messages when restarting squid:
audit(1104589130.341:0): avc: denied { getattr } for pid=2759 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t tclass=dir audit(1104589130.342:0): avc: denied { getattr } for pid=2759 exe=/usr/sbin/squid path=/tmp dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir
what is in the / directory.
adding the following to policy will eliminate these messages. (BTW they are harmless).
dontaudit squid_t { boot_t tmp_t }:dir getattr;
I will add these rules in selinux-policy-targeted-1.17.30-2.63
Dan
Shouldn't these rules already been fixed? What can I do to get squid finally working without complying?
Thanks,
j3d.
