Re: Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied

[Christophe Marchand <cmarchand@xxxxxxxxxx>]

Hum... it's difficult to understand...
After having deleted the cache_swap_log line, and modified the cache_dir 
to /drive/squid_guard, audit.log finish with this :

type=AVC msg=audit(1355919099.367:139918): avc:  denied  { write } for  
pid=1770 comm="squid" name="squid_cache" dev=dm-2 ino=3145729 
scontext=unconfined_u:system_r:squid_t:s0 
tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir
type=SYSCALL msg=audit(1355919099.367:139918): arch=c000003e syscall=2 
success=no exit=-13 a0=7f01574b0200 a1=441 a2=1a4 a3=7fff254ad5a0 
items=0 ppid=1742 pid=1770 auid=500 uid=0 gid=23 euid=23 suid=0 fsuid=23 
egid=23 sgid=23 fsgid=23 tty=(none) ses=45 comm="squid" 
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)

uid and gid are :
[root@proxy-new ~]# id root
uid=0(root) gid=0(root) groupes=0(root)
[root@proxy-new ~]# id squid
uid=23(squid) gid=23(squid) groupes=23(squid)

It seems that root:squid try to write-access to squid_cache... or I 
misunderstand...

So, I've chowned -R root:squid /drive/squid_cache, and results are now :
[root@proxy-new drive]# ls -al /drive/
total 28
drwxr-xr-x.  4 root root   4096 18 déc.  10:23 .
dr-xr-xr-x. 27 root root   4096 18 déc.  11:29 ..
drwx------.  2 root root  16384 18 déc.  08:41 lost+found
drwxr-xr-x. 66 root squid  4096 18 déc.  10:31 squid_cache

cache.log :
2012/12/19 13:33:01| Starting Squid Cache version 3.1.10 for 
x86_64-redhat-linux-gnu...
2012/12/19 13:33:01| Process ID 2144
2012/12/19 13:33:01| With 1024 file descriptors available
2012/12/19 13:33:01| Initializing IP Cache...
2012/12/19 13:33:01| DNS Socket created at [::], FD 7
2012/12/19 13:33:01| DNS Socket created at 0.0.0.0, FD 8
2012/12/19 13:33:01| Adding domain lan from /etc/resolv.conf
2012/12/19 13:33:01| Adding domain lan from /etc/resolv.conf
2012/12/19 13:33:01| Adding nameserver 192.168.1.254 from /etc/resolv.conf
2012/12/19 13:33:01| User-Agent logging is disabled.
2012/12/19 13:33:01| Referer logging is disabled.
2012/12/19 13:33:01| Unlinkd pipe opened on FD 12
2012/12/19 13:33:01| Local cache digest enabled; rebuild/rewrite every 
3600/3600 sec
2012/12/19 13:33:01| Store logging disabled
2012/12/19 13:33:01| Swap maxSize 352321536 + 1048576 KB, estimated 
27182316 objects
2012/12/19 13:33:01| Target number of buckets: 1359115
2012/12/19 13:33:01| Using 2097152 Store buckets
2012/12/19 13:33:01| Max Mem  size: 1048576 KB
2012/12/19 13:33:01| Max Swap size: 352321536 KB
2012/12/19 13:33:01| /drive/squid_cache/swap.state: (13) Permission denied
FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.018 seconds = 0.017 user + 0.001 sys
Maximum Resident Size: 36832 KB
Page faults with physical i/o: 0


audit.log :
No change...

Best regards,
Christophe

Le 19/12/2012 10:36, John Doe a écrit :
> From: Christophe Marchand <cmarchand@xxxxxxxxxx>
>
> > I have the following problem : when I do not declare a cache dir, my squid
> > starts correctly and runs perfectly. When I uncomment the cache_dir line, it
> > fails with this message :
> >      2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied
> >      FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
> >
> > My squid.conf is :
> >      cache_dir aufs /drive/squid_cache/ 344064 64 64
> >      coredump_dir /var/spool/squid
> >      access_log none
> >      cache_store_log none
> >      cache_swap_log /var/cache/squid/
> >
> > ls -al /var/cache returns this :
> >      drwxrw-r--.  2 squid     squid     4096 18 déc.  10:56 squid
> >
> > ps -ef | grep squid does not show a squid running
> Is SElinux enabled...?
> If so, checked in /var/log/audit/audit.log ?
>
> JD