Lamont Peterson wrote:
On RHEL5 and FC6, I'm seeing an AVC denied message when trying to use
cachemgr.cgi:
type=AVC msg=audit(1177002702.300:787): avc: denied { search } for
pid=18199 comm="cachemgr.cgi" name="squid" dev=hda5 ino=346594
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:squid_conf_t:s0
tclass=dir
If I'm reading this correctly, the problem is that the policy doesn't allow
cachmgr.cgi to get it's /etc/squid/cachemgr.conf file because the /etc/squid/
directory (and the cachemgr.conf) file are labeled:
# ll -Zd /etc/squid/
drwxr-xr-x root root system_u:object_r:squid_conf_t /etc/squid/
# ll -Z /etc/squid/cachemgr.conf
-rw-r--r-- root squid
system_u:object_r:squid_conf_t /etc/squid/cachemgr.conf
Shall I file a bug for this or is it already known, fixed,
work-around-is-available?
Please update to the latest selinux-policy. This should work there.
yum -y update selinux-policy
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
