Re: fedora-selinux-list Digest, Vol 20, Issue 18

[Jayendren Anand Maduray <jayendren@xxxxxxxxx>]

Hi!

Just noticed more errors!

Here is the output:

audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 
exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 
scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t 
tclass=file
audit(1130392269.590:0): avc:  denied  { append } for  pid=3218 
exe=/usr/sbin/squid path=/var/log/squid/squid.out dev=hda8 ino=755115 
scontext=user_u:system_r:squid_t tcontext=system_u:object_r:bin_t 
tclass=file
audit(1130392270.019:0): avc:  denied  { getattr } for  pid=3218 
exe=/usr/sbin/squid path=/usr/local/squidclamav/bin/squidclamav dev=hda8 
ino=185872 scontext=user_u:system_r:squid_t 
tcontext=system_u:object_r:bin_t tclass=file


Also:

[root@shiva jay]# ls -lZ /var/log/squid/
-rw-r--r--  squid    squid    system_u:object_r:bin_t          access.log
-rw-r--r--  squid    squid    system_u:object_r:bin_t          cache.log
-rw-r--r--  squid    squid    system_u:object_r:bin_t          squid.out
-rw-r--r--  squid    squid    system_u:object_r:bin_t          store.log

[root@shiva jay]# service squid restart

Stopping squid: /etc/init.d/squid: line 82:  5108 
Aborted                 $SQUID -k check >>/var/log/squid/squid.out 2>&1
                                                          [FAILED]
Starting squid: /etc/init.d/squid: line 53:  5109 
Aborted                 $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
                                                          [FAILED]

Please note that i re-enabled SElinux for squid via 
system-config-security in FC3.

Any help will be appreciated.

God bless.


Daniel J Walsh wrote:

> Jayendren Anand Maduray wrote:
>
> > Thanks for you help, again!
> >
> > Here is the output:
> >
> > [root@shiva jay]# chcon -t bin_t /usr/local/squidclamav/bin/*
> > You have mail in /var/spool/mail/jay
> > [root@shiva jay]#
> > [root@shiva jay]# ls -lZ /usr/local/squidclamav/bin
> > -rwxr-xr-x  root     root     system_u:object_r:bin_t          
> > squidclamav
> >
> >
> > I will reboot, and check the system as it starts up.
> >
> > Currently, i use system-config-securitylevel to re-enable squid.
> >
> > Which file can i edit to do this from the command line?
>
> setsebool and getsebool are command line tools for manipulating booleans
>
> setsebool -P squid_disable_trans=1
>
> Enables SELinux enforcement and writes this to the defaults file
>
> /etc/selinux/SELINUXTYPE/booleans.local

--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
IT Administrator

Perinatal HIV Research Unit
Old Potch Road
Chris Hani Baragwanath Hospital
Soweto
South Africa

Tel: +27 11 989 9776
Tel: +27 11 989 9999
Fax: +27 11 938 3973
Cel: 082 22 774 94

Alternate email address: jayendren@xxxxxxxxxx

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list