Search squid archive

Re: Squid 3.5.9 RPM are available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

can you do a little test for me?

can you please try the following acl

acl block_as4837 dst_as 4837
http_access deny block_as4837

and then try in a browser
http://sudo.ml

Thanks,
Walter

On 30.09.2015 18:45, Veiko Kukk wrote:
On 30/09/15 18:27, Veiko Kukk wrote:
I'm sorry, should have provided operating system version with my first
post. It is CentOS 6.7 with latest updates.

Sure, when changing selinux to permissive mode, it works. I have not had
time meanwhile to find out what are the required minimal selinux changes
required, probably allowing squid to write to /dev/shm.

If somebody has the same problem, and happens to read mailinglist archive, this is the solution. My guess about /dev/shm was true,

# grep squid /var/log/audit/audit.log| audit2allow -a
#============= squid_t ==============
#!!!! The source type 'squid_t' can write to a 'dir' of the following types: # squid_log_t, var_log_t, var_run_t, pcscd_var_run_t, squid_var_run_t, squid_cache_t, tmp_t, cluster_var_lib_t, cluster_var_run_t, root_t, krb5_host_rcache_t, cluster_conf_t

allow squid_t tmpfs_t:dir { write remove_name add_name };
allow squid_t tmpfs_t:file { create unlink };
allow squid_t user_tmpfs_t:file { read write };

If you agree with offered rights, create custom module and load it.

# grep squid /var/log/audit/audit.log| audit2allow -a -M mysquid
******************** IMPORTANT ***********************
To make this policy package active, execute:

# semodule -i mysquid.pp

And now squid 3.5.9 on CentOS 6.7 works with selinux enforced mode.

Veiko


<<attachment: smime.p7s>>

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux