I think almost every time Squid opens a TCP connection, it also tries to open a raw socket of type AF_NETLINK. Syscall pasted below. All that I can make sense of from this is that Squid is trying to engage with the iptables subsystem somehow? I have SELinux enforcing and would like to know what Squid is trying to do before figuring out how to allow that.

socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 90
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EACCES (Permission denied)

I am using WCCP and TLS interception with Squid 4.0.24 release. Everything works as expected except auditd is getting spammed with denial messages.

type=AVC msg=audit(1543478005.027:49455970): avc: denied { getattr } for pid=13766 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=netlink_socket

Any thoughts?
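An added example, not part of the original post: a small parser that collapses repeated AVC denials like the one quoted above into unique (process, source type, target type, class, permission) tuples with counts, so the set of accesses actually being denied is visible before any policy decision is made. Only the first sample line comes from the post; the other lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# First line is the denial quoted in the post; the remaining lines are
# constructed samples (a repeat, a different permission, a non-AVC record).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1543478005.027:49455970): avc: denied { getattr } for pid=13766 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=netlink_socket
type=AVC msg=audit(1543478005.311:49455971): avc: denied { getattr } for pid=13766 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=netlink_socket
type=AVC msg=audit(1543478006.102:49455972): avc: denied { create } for pid=13770 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=netlink_socket
type=SYSCALL msg=audit(1543478006.102:49455972): arch=c000003e syscall=41 success=no exit=-13 comm="squid"
"""

# "avc: denied { perm1 perm2 } for key=value key="value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("scontext", "tcontext", "tclass")


def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for anything else."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if any(key not in fields for key in REQUIRED):
        return None
    fields["perms"] = tuple(m.group("perms").split())
    return fields


def summarize(log_text):
    """Count denials per (comm, source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line.strip())
        if rec is None:
            continue
        # SELinux context layout is user:role:type:level; the type is field 3.
        src_type = rec["scontext"].split(":")[2]
        tgt_type = rec["tcontext"].split(":")[2]
        for perm in rec["perms"]:
            counts[(rec.get("comm"), src_type, tgt_type, rec["tclass"], perm)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_AUDIT_LOG).most_common():
        print(n, *key)
```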