Why does Squid4 do socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EACCES (Permission denied) ?


I think almost every time Squid opens a TCP connection, it also tries to open a raw socket of type AF_NETLINK. Syscall pasted below.

All that I can make sense of this is that Squid is trying to engage with the iptables subsystem somehow?

I have SELinux enforcing and would like to know what Squid is trying to do before figuring out how to allow that.

 

socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 90

socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EACCES (Permission denied)

 

I am using WCCP and TLS interception with Squid 4.0.24 release. Everything works as expected except auditd is getting spammed with denial messages.

type=AVC msg=audit(1543478005.027:49455970): avc:  denied  { getattr } for  pid=13766 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=netlink_socket

 

Any thoughts?

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
