Hey Walter,
I do not know yet of a way to get SELinux to work with squid nicely.
I do know it can be done with enough knowledge and a couple of additions.
If anyone is a SELinux expert or just can find the appropriate way of
handling squid conflicts with SELinux I would be happy to try to push
these into the RPMs.
For now the suggestion is to set the SELinux policy to permissive, while on
most squid systems (dedicated) you won't force SELinux, but I am still not
sure why.
Fedora has some docs about it:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/chap-Managing_Confined_Services-Squid_Caching_Proxy.html
This policy setting might help with something:
setsebool -P squid_connect_any 1
And a couple of notes at Red Hat:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Confined_Services/chap-Managing_Confined_Services-Squid_Caching_Proxy.html
Can you share the errors you see in the logs? Either the squid logs or the messages log?
Are you using a cache_dir ?
There is also a demonstration of how to create a SELinux module\policy
for qlproxy:
http://sichent.wordpress.com/2011/05/10/build-selinux-policy-for-your-next-daemon-part-1/
I hope it helps.
Eliezer
On 08/12/13 22:34, Walter H. wrote:
Hello,
I have the ident problem as here:
http://comments.gmane.org/gmane.comp.web.squid.general/99601
SELinux=enforcing prevents running squid ...
my system: a CentOS 6.5, squid-3.3.11
./configure --enable-ssl \
    --enable-ssl-crtd \
    --disable-htcp \
    --disable-eui \
    --disable-snmp \
    --enable-useragent-log \
    --enable-referer-log \
    --enable-cachemgr-hostname=localhost \
    --prefix=/usr \
    --includedir=/usr/include \
    --datadir=/usr/share \
    --bindir=/usr/sbin \
    --libexecdir=/usr/lib/squid \
    --localstatedir=/var \
    --sysconfdir=/etc/squid \
    --with-dl \
    --with-openssl \
    --with-pthreads \
    --with-logdir=/var/log/squid \
    --with-default-user=squid
can someone give me a hint, what to do?
by the way, the binary packages from here:
http://wiki.squid-cache.org/SquidFaq/BinaryPackages#CentOS
have the same problem ...
Thanks,
Walter
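
The reply asks which errors appear in the logs. As an added example that is not part of either message, this Python sketch groups SELinux AVC denials for the `squid_t` domain from audit-log text and tags each group with a likely remediation class, so the fix can be scoped while the system stays enforcing. The log lines are constructed samples, and the `hint` labels (`port`, `label`, `module`) are names made up for this example.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not from the thread); port and file names are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1386538440.101:410): avc:  denied  { name_connect } for  pid=2101 comm="squid" dest=8443 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1386538441.007:411): avc:  denied  { name_connect } for  pid=2101 comm="squid" dest=8443 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1386538442.250:412): avc:  denied  { read write } for  pid=2107 comm="ssl_crtd" name="index.txt" dev=dm-0 ino=393301 scontext=system_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1386538443.300:413): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/srv/www" dev=dm-0 ino=12 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
"""

# Pull permissions, command, source type, target type and object class out of one AVC record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=[^:]+:[^:]+:(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:]+:[^:]+:(?P<ttype>[^:\s]+)\S*\s+tclass=(?P<tclass>\S+)')

def triage(log_text, domain="squid_t"):
    """Count denials for one source domain and attach a likely remediation class."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("stype") != domain:
            continue  # not a denial, or a different confined service
        perms = tuple(sorted(m.group("perms").split()))
        counts[(m.group("comm"), perms, m.group("ttype"), m.group("tclass"))] += 1
    report = []
    for (comm, perms, ttype, tclass), n in counts.most_common():
        if tclass in ("tcp_socket", "udp_socket") and {"name_connect", "name_bind"} & set(perms):
            hint = "port"    # port label, or a boolean such as squid_connect_any
        elif tclass in ("file", "dir", "lnk_file", "sock_file"):
            hint = "label"   # file context: inspect with ls -Z, fix with semanage fcontext + restorecon
        else:
            hint = "module"  # needs review before writing a local policy module
        report.append({"comm": comm, "perms": perms, "ttype": ttype,
                       "tclass": tclass, "count": n, "hint": hint})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

On a real host the input would be the text of `/var/log/audit/audit.log`, or the output of `ausearch -m avc`, instead of `SAMPLE_LOG`.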