On Mon, 15 Jun 2009 07:19:39 +0100 Paul Howarth <paul@xxxxxxxxxxxx> wrote: > On Mon, 15 Jun 2009 13:47:08 +1000 > Scott Radvan <sradvan@xxxxxxxxxx> wrote: > > > I got a denial when actually starting squid for the first time (I > > assume this happens as it attempts to create its pid in /var/run): > > What's happening here is a denial for *reading* /var/run/squid.pid, > which is of type var_run_t. Now in Fedora 11 this file should be > labelled squid_var_run_t, and that's what it is labelled on two Fedora > 11 boxes freshly installed here. It seems there's a labelling problem > on your system. Can you post the output of "ls -lZa /var/run"? Is your > system a fresh install or an upgrade? > > Paul. I'm pretty sure I've figured out what I was doing wrong after another re-install. I was previously starting squid directly from /usr/sbin/squid instead of using 'service squid start'. Starting it directly from /usr/sbin/squid apparently(?) doesn't initialise squid.pid as squid_var_run_t, rather it just starts as var_run_t, which is why I got a denial. Starting squid via 'service squid start' as I should have been doing from the start is working fine now. Thanks for your help Paul. -- Scott Radvan Content Author, Platform (Installation and Deployment) Red Hat Asia Pacific (Brisbane) http://www.apac.redhat.com -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
