On Thursday 05-02-2009 at 18:42 [timezone +0000], Arthur Dent wrote:
> The proposed remedy of:
> restorecon -v '/var/squidGuard/blacklists/blacklists/porn/domains.db'
> made no difference.
>
> When I do a ls -laZ on these directories I get a mixture of:
> squid squid system_u:object_r:var_t:s0 and
> squid squid unconfined_u:object_r:var_t:s0

It looks like squidGuard owns /var/squidGuard but does not manage its content with a private type. Then later squid tries to interact with squidGuard's content there. But the content is created with a generic type for var (var_t).

You can solve this issue by writing policy for squidGuard. You should enforce squidGuard to manage its files using private types instead of just using the generic var_t. Then later, you can give squid access to that type.

Can you share your policy for squidGuard? In which domain is the squidGuard process running? ps auxZ | grep squidguard.

The point is that squid_t is not allowed to read and write generic content in /var.

hth

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
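A sketch of the approach the reply describes, as an added example that is not part of the original message or of any shipped squidGuard policy: a local module that gives the blacklist tree a private type and lets squid_t manage it. The module name `localsquidguard` and the type name `squidguard_db_t` are hypothetical, and the example assumes the refpolicy development Makefile is installed and that squid_t is the domain that needs the access.

```selinux
# localsquidguard.te (hypothetical local module; names are assumptions)
policy_module(localsquidguard, 1.0.0)

gen_require(`
	type squid_t;
')

# Private type for the squidGuard blacklist databases, replacing var_t.
type squidguard_db_t;
files_type(squidguard_db_t)

# squid_t may create, read, write and delete dirs and files of that type.
# Nothing is granted on generic var_t content.
manage_dirs_pattern(squid_t, squidguard_db_t, squidguard_db_t)
manage_files_pattern(squid_t, squidguard_db_t, squidguard_db_t)

# Companion file localsquidguard.fc, one line, labels the whole tree:
#   /var/squidGuard(/.*)?  gen_context(system_u:object_r:squidguard_db_t,s0)
#
# Build, load and relabel:
#   make -f /usr/share/selinux/devel/Makefile localsquidguard.pp
#   semodule -i localsquidguard.pp
#   restorecon -R -v /var/squidGuard
#
# Check afterwards: ls -laZ /var/squidGuard should show squidguard_db_t
# on every entry, with no var_t left over.
```

With the file-context entry loaded, restorecon has a non-default label to apply, which is why running it earlier made no difference: the default label for that path was already var_t.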