Hi. I'm trying to set up squid with SELinux. The problem I encounter is that I want to add another directory for the cache; on this system we have a home partition with huge space. I created a squid dir and added the path with semanage:

semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'

I checked the files and they are in the right context:

drwxr-xr-x squid squid user_u:object_r:squid_cache_t .
drwxr-xr-x squid squid system_u:object_r:home_root_t ..
drwxr-x--- squid squid user_u:object_r:squid_cache_t 00
drwxr-x--- squid squid user_u:object_r:squid_cache_t 01
...

But when I want to start it I get this:

type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

I know that the solution is to mount the huge partition on /var/spool/squid, but I'm a newbie to SELinux and want to know if it's possible to achieve this.

Regards.
Hi Marcos

(2011/02/01 0:31), Marcos Lois Bermúdez wrote:
> semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
>
> i check the files and are in the good context:
>
> drwxr-xr-x squid squid user_u:object_r:squid_cache_t .
> drwxr-xr-x squid squid system_u:object_r:home_root_t ..
> drwxr-x--- squid squid user_u:object_r:squid_cache_t 00
> drwxr-x--- squid squid user_u:object_r:squid_cache_t 01
> ...
>
> But when i want start it i get this:
>
> type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir

[root@localhost ~]# audit2allow -m squid
type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sda3 ino=2 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
Ctl-D

module squid 1.0;

require {
        type home_root_t;
        type squid_t;
        class dir search;
}

#============= squid_t =============
allow squid_t home_root_t:dir search;
[root@localhost ~]#

It seems the directory '/home/squid' has the 'home_root_t' type. Change it to 'squid_cache_t':

# chcon -u system_u -r object_r -t squid_cache_t /home/squid

--Tsuyoshi.
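As an added example (not from either poster), a small Python helper that parses the AVC line quoted in this thread and matches its target type against ls -Z labels for each component of the cache path, so you can see which directory the denied search actually hit before deciding between relabelling and a local policy module. The ls -Zd listing for /home, /home/squid and /home/squid/00 is constructed for the example; nothing here calls the SELinux tools.

```python
import re
# Regex for the fields of an audit AVC denial (format as quoted in this thread).
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def parse_avc(line):
    """Return the denied permissions, source/target SELinux types and object class."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError("not an AVC denial line")
    return {
        "perms": m.group("perms").split(),
        "stype": m.group("scontext").split(":")[2],   # e.g. squid_t
        "ttype": m.group("tcontext").split(":")[2],   # e.g. home_root_t
        "tclass": m.group("tclass"),
    }

def parse_ls_z(listing):
    """Parse 'ls -Z'-style lines (mode user group context path) into {path: type}."""
    labels = {}
    for line in listing.strip().splitlines():
        parts = line.split()
        if len(parts) >= 5:
            labels[parts[-1]] = parts[-2].split(":")[2]
    return labels

def find_offending_dirs(avc, labels):
    """Path components whose type equals the target type named in the denial."""
    return sorted(p for p, t in labels.items() if t == avc["ttype"])

# Constructed sample: the AVC line from the thread plus hypothetical 'ls -Zd' output.
AVC_LINE = ('type=AVC msg=audit(1296442326.932:739661): avc: denied { search } '
            'for pid=30924 comm="squid" name="/" dev=sda3 ino=2 '
            'scontext=user_u:system_r:squid_t:s0 '
            'tcontext=system_u:object_r:home_root_t:s0 tclass=dir')
LS_Z = """
drwxr-xr-x squid squid system_u:object_r:home_root_t /home
drwxr-xr-x squid squid user_u:object_r:squid_cache_t /home/squid
drwxr-x--- squid squid user_u:object_r:squid_cache_t /home/squid/00
"""
def diagnose(avc_line=AVC_LINE, listing=LS_Z):
    avc = parse_avc(avc_line)
    return avc, find_offending_dirs(avc, parse_ls_z(listing))

if __name__ == "__main__":
    avc, hits = diagnose()
    print(avc["stype"], "denied", avc["perms"], "on", avc["tclass"], avc["ttype"], "->", hits)
```

Here the only component labelled home_root_t is the mount point /home itself, which matches the name="/" dev=sda3 ino=2 in the denial; the cache directory below it already carries squid_cache_t.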