Paul Howarth wrote:
On Fri, 2006-11-24 at 16:05 -0800, Wart wrote:
I reconfigured my squid to use a cache directory on a filesystem with
more space (/space/squid/cache, and relabeled /space/squid and all of
its subdirectories with system_u:object_r:squid_cache_t.
Now I'm getting AVC denied messages[1] because it seems that squid wants
to read from /.
setroubleshoot says that I can run "setsebool -P read_default_t=1" to
remove this denial, but I'd rather find out why squid wants to read from
/ and relabel files appropriately. Any ideas?
--Wart
[1] avc: denied { search } for comm='"squid"' dev='sdb5' egid='0'
euid='0' exe='"/usr/sbin/squid"' exit='-13' fsgid='0' fsuid='0' gid='0'
items='0' name='"/"' pid='3114' scontext=system_u:system_r:squid_t:s0
sgid='0' subj='system_u:system_r:squid_t:s0' suid='0' tclass='dir'
tcontext=system_u:object_r:default_t:s0 tty='(none)' uid='0'
I suspect that the "/" here is the root directory of the filesystem,
most likely /space, and that this problem will go away if you do:
# chcon -t var_t /space
That did, indeed, fix it.
Thanks!
--Wart
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
