On 30/09/15 18:27, Veiko Kukk wrote:
> I'm sorry, I should have provided the operating system version with my
> first post. It is CentOS 6.7 with latest updates.
> Sure, when changing selinux to permissive mode, it works. I have not had
> time meanwhile to find out what are the minimal selinux changes
> required, probably allowing squid to write to /dev/shm.

If somebody has the same problem and happens to read the mailing list
archive, this is the solution. My guess about /dev/shm was true:

# grep squid /var/log/audit/audit.log| audit2allow -a

#============= squid_t ==============
#!!!! The source type 'squid_t' can write to a 'dir' of the following types:
# squid_log_t, var_log_t, var_run_t, pcscd_var_run_t, squid_var_run_t, squid_cache_t, tmp_t, cluster_var_lib_t, cluster_var_run_t, root_t, krb5_host_rcache_t, cluster_conf_t

allow squid_t tmpfs_t:dir { write remove_name add_name };
allow squid_t tmpfs_t:file { create unlink };
allow squid_t user_tmpfs_t:file { read write };

If you agree with the offered rights, create a custom module and load it.

# grep squid /var/log/audit/audit.log| audit2allow -a -M mysquid
******************** IMPORTANT ***********************
To make this policy package active, execute:

# semodule -i mysquid.pp

And now squid 3.5.9 on CentOS 6.7 works with selinux in enforcing mode.

Veiko
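
Added example, not part of the original post: a small Python review helper that groups AVC denials by source domain (rather than by text match) and lists the object names behind each proposed allow rule, so the rights can be checked before a module is loaded. The audit records are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed AVC records (not from the original post). The last one mentions
# "squid" in a file name but comes from another domain (httpd_t).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1443600001.101:501): avc:  denied  { write add_name } for  pid=2101 comm="squid" name="example-a.shm" scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1443600001.102:502): avc:  denied  { create } for  pid=2101 comm="squid" name="example-a.shm" scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
type=AVC msg=audit(1443600002.201:503): avc:  denied  { read write } for  pid=2101 comm="squid" name="example-b.shm" dev=tmpfs ino=5121 scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:user_tmpfs_t:s0 tclass=file
type=AVC msg=audit(1443600003.301:504): avc:  denied  { remove_name } for  pid=2101 comm="squid" name="example-a.shm" scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
type=AVC msg=audit(1443600003.302:505): avc:  denied  { unlink } for  pid=2101 comm="squid" name="example-a.shm" scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
type=AVC msg=audit(1443600004.401:506): avc:  denied  { read } for  pid=3300 comm="httpd" name="squid.conf" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:squid_conf_t:s0 tclass=file
"""

def parse_avc(line):
    """Return (source_type, target_type, class, perms, name) or None."""
    perms = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not perms:
        return None
    f = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))  # key=value fields
    try:
        src = f["scontext"].split(":")[2]  # user:role:type:level
        tgt = f["tcontext"].split(":")[2]
    except (KeyError, IndexError):
        return None
    return src, tgt, f.get("tclass", "?"), perms.group(1).split(), f.get("name", "").strip('"')

def review(log_text, source_type="squid_t"):
    """Map (target_type, class) -> permissions and object names for one domain."""
    rules = defaultdict(lambda: {"perms": set(), "names": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec[0] == source_type:  # filter on the domain, not on text
            _, tgt, cls, perms, name = rec
            rules[(tgt, cls)]["perms"].update(perms)
            if name:
                rules[(tgt, cls)]["names"].add(name)
    return dict(rules)

def render(rules, source_type="squid_t"):
    """Format the grouped denials as commented allow rules for review."""
    out = []
    for (tgt, cls), r in sorted(rules.items()):
        out.append(f"# objects: {', '.join(sorted(r['names'])) or '(unnamed)'}")
        out.append(f"allow {source_type} {tgt}:{cls} {{ {' '.join(sorted(r['perms']))} }};")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(review(SAMPLE_AUDIT_LOG)))
```

tmpfs_t is the generic label for tmpfs content, so the rules apply to every object carrying that type, not only to the files named in the denials.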