On RHEL5 and FC6, I'm seeing an AVC denied message when trying to use
cachemgr.cgi:
type=AVC msg=audit(1177002702.300:787): avc: denied { search } for
pid=18199 comm="cachemgr.cgi" name="squid" dev=hda5 ino=346594
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:squid_conf_t:s0
tclass=dir
If I'm reading this correctly, the problem is that the policy doesn't allow
cachmgr.cgi to get it's /etc/squid/cachemgr.conf file because the /etc/squid/
directory (and the cachemgr.conf) file are labeled:
# ll -Zd /etc/squid/
drwxr-xr-x root root system_u:object_r:squid_conf_t /etc/squid/
# ll -Z /etc/squid/cachemgr.conf
-rw-r--r-- root squid
system_u:object_r:squid_conf_t /etc/squid/cachemgr.conf
Shall I file a bug for this or is it already known, fixed,
work-around-is-available?
--
Lamont Peterson <lamont@xxxxxxxxxxxx>
Senior Instructor
Guru Labs, L.C. [ http://www.GuruLabs.com/ ]
NOTE: All messages from this email address should be digitally signed with my
0xDC0DD409 GPG key. It is available on the pgp.mit.edu keyserver as
well as other keyservers that sync with MIT's.
Attachment:
pgpeoY25noFfD.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
