Hello all,

Still on my mission to clean up any unnecessary local policies I might have mistakenly created, I have now turned my attention to my squid web proxy.

I have a nightly script which downloads updated blacklists to be fed to squidGuard. They are held in a variety of directories under /var/squidGuard/blacklists/ and without my local policy I get avcs when something tries to access one of these blacklist databases.

The proposed remedy of:

    restorecon -v '/var/squidGuard/blacklists/blacklists/porn/domains.db'

made no difference.

When I do a ls -laZ on these directories I get a mixture of:

    squid squid system_u:object_r:var_t:s0

and

    squid squid unconfined_u:object_r:var_t:s0

Which should it be? Should I build a chcon statement into the download script?

Audit2why said that the denial was caused by a "Missing type enforcement (TE) allow rule." and audit2allow produced this (which is the same as I had in my local policy):

    require {
            type squid_t;
    }

    #============= squid_t ==============
    files_rw_var_files(squid_t)

Should I just stick with my local policy, or fix something else?

Thanks

Mark

p.s. Happy to post the whole avc(s) if required...
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list