Did you notice you have Write access only to the owner and not the group?
try changing access step by step to make sure like any other permission
problem you will ever see.
- allow user all
- allow group all
- allow all all
etc...
basic permissions tests.
Regards,
Eliezer
On 12/19/2012 2:41 PM, Christophe Marchand wrote:
Hum... it's difficult to understand...
After having deleted the cache_swap_log line, and modified the cache_dir
to /drive/squid_guard, audit.log finish with this :
type=AVC msg=audit(1355919099.367:139918): avc: denied { write } for
pid=1770 comm="squid" name="squid_cache" dev=dm-2 ino=3145729
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir
type=SYSCALL msg=audit(1355919099.367:139918): arch=c000003e syscall=2
success=no exit=-13 a0=7f01574b0200 a1=441 a2=1a4 a3=7fff254ad5a0
items=0 ppid=1742 pid=1770 auid=500 uid=0 gid=23 euid=23 suid=0 fsuid=23
egid=23 sgid=23 fsgid=23 tty=(none) ses=45 comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
uid and gid are :
[root@proxy-new ~]# id root
uid=0(root) gid=0(root) groupes=0(root)
[root@proxy-new ~]# id squid
uid=23(squid) gid=23(squid) groupes=23(squid)
It seems that root:squid try to write-access to squid_cache... or I
misunderstand...
--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngtech@xxxxxxxxxxxx
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il