Dear All, Your guidance is required. Please help. It looks that squid process run by default as a confined process whether its a compiled version or a version that come with the linux distro. It means that the squid software is SELINUX aware.Am i right? [root@squidLhr ~]# ps -eZ | grep squid system_u:system_r:squid_t 3173 ? 00:00:00 squid system_u:system_r:squid_t 3175 ? 00:00:00 squid system_u:system_r:squid_t 3177 ? 00:00:00 squid system_u:system_r:squid_t 3179 ? 00:00:00 squid system_u:system_r:squid_t 3222 ? 00:00:00 unlinkd system_u:system_r:squid_t 3223 ? 00:00:00 unlinkd it was successful before i changed the selinux to enforcing.Now i even cannot start squid process that access the parent at localhost(3128) manually even. The other process starts normally if i do manually. When running as an unconfined process by the following command the problem had resolved chcon -t unconfined_exec_t /usr/sbin/squid However it doesnot feel appropriate to me. Please guide me on this. I am starting squid with the following init script if it has something to do with the problem: #!/bin/sh # #my script case "$1" in start) /usr/sbin/squid -D -sYC -f /etc/squid/squidcache.conf /usr/sbin/squid -D -sYC -f /etc/squid/squid.conf #The below line is to automatically start apache with system startup /usr/sbin/httpd -k start #KRB5_KTNAME=/etc/squid/HTTP.keytab #export KRB5_KTNAME #KRB5RCACHETYPE=none #export KRB5RCACHETYPE ;; stop) /usr/sbin/squid -k shutdown -f /etc/squid3/squidcache.conf echo "Shutting down squid secondary process" /usr/sbin/squid -k shutdown -f /etc/squid3/squid.conf echo "Shutting down squid main process" # The below line is to automatically stop apache at system shutdown /usr/sbin/httpd -k stop ;; esac Thanking you & regards, Bilal ---------------------------------------- > From: gigoz@xxxxxxx > To: squid-users@xxxxxxxxxxxxxxx > Date: Tue, 18 May 2010 06:02:35 +0000 > Subject: SELINUX issue > > > Hi all, > > When i change SELINUX from permissive mode to Enforcing mode. My multiple instance setup fail to start. Please guide how to overcome this. > > -----------------------Excerpts from cache.log----------------- > > 2010/05/18 10:31:51| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:51| Store rebuilding is 7.91% complete > 2010/05/18 10:31:52| Done reading /var/spool/squid swaplog (51794 entries) > 2010/05/18 10:31:52| Finished rebuilding storage from disk. > 2010/05/18 10:31:52| 51794 Entries scanned > 2010/05/18 10:31:52| 0 Invalid entries. > 2010/05/18 10:31:52| 0 With invalid flags. > 2010/05/18 10:31:52| 51794 Objects loaded. > 2010/05/18 10:31:52| 0 Objects expired. > 2010/05/18 10:31:52| 0 Objects cancelled. > 2010/05/18 10:31:52| 0 Duplicate URLs purged. > 2010/05/18 10:31:52| 0 Swapfile clashes avoided. > 2010/05/18 10:31:52| Took 1.13 seconds (45641.00 objects/sec). > 2010/05/18 10:31:52| Beginning Validation Procedure > 2010/05/18 10:31:52| Completed Validation Procedure > 2010/05/18 10:31:52| Validated 103614 Entries > 2010/05/18 10:31:52| store_swap_size = 913364 > 2010/05/18 10:31:52| storeLateRelease: released 0 objects > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| Detected DEAD Parent: 127.0.0.1 > 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed > 2010/05/18 10:31:52| Failed to select source for 'http://1.channel19.facebook.com/p' > 2010/05/18 10:31:52| always_direct = 0 > 2010/05/18 10:31:52| never_direct = 1 > 2010/05/18 10:31:52| timedout = 0 > 2010/05/18 10:31:57| Failed to select source for 'http://0.channel19.facebook.cm > > -------------------------------------------------------------------------------------------- > > > regards, > > Bilal > _________________________________________________________________ > Hotmail: Trusted email with powerful SPAM protection. > https://signup.live.com/signup.aspx?id=60969 _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969
