Search squid archive

Re: Squid 3.5.9 RPM are available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey Veiko,
I am not a SELINUX expert but something might be wrong on your system settings or permissions. 
What OS exactly are you using? What version of CentOS?
I am using CentOS 7 with latest updates and it seems to work fine.
From the information you have supplied it seems that SELINUX either doesn't like squid accessing the tmpfs ie shm fs or another part of the fs. 
After we will have the OS version we can be smarter.
And also in any case you can just simply eliminate SELINUX for a sec and see how it works. If it works then maybe there is a need to allow couple things in SELINUX using audit2allow.
So supply the exact OS and also if possible squid.conf(removing password, spaces,comments etc) 

Eliezer

On 29/09/2015 16:34, Veiko Kukk wrote:

On 24/09/15 03:00, Eliezer Croitoru wrote:

Since it's a security release I will not write an article this time.
But I am happy to release the new RPMs for squid cache 3.5.9.


Since there are no new rpm-s in 3.4 branch after 3.4.10, I decided to
try/upgrade to 3.5.9. Squid does not start, fails with error message:

FATAL: Ipc::Mem::Segment::create failed to
shm_open(/squid-cf__metadata.shm): (13) Permission denied

Seems that something is wrong with SELinux rules:

type=AVC msg=audit(1443532370.438:1986): avc:  denied  { write } for
pid=20771 comm="squid" name="/" dev=tmpfs ino=5734
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1443532370.438:1986): arch=c000003e syscall=2
success=no exit=-13 a0=7ffeca42b530 a1=a0042 a2=180 a3=7ffeca42b2b0
items=0 ppid=20763 pid=20771 auid=502 uid=23 gid=23 euid=23 suid=0
fsuid=23 egid=23 sgid=23 fsgid=23 tty=pts1 ses=122 comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)

This was not case with 3.4.10.

Best regards,
Veiko


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux