Re: Squid question in FC3

Chris wrote:
Thanks, and it's exactly because of that. I didn't realize that I installed SELinux...

I got the following error messages when I do 'squid -z':

Feb 25 00:30:26 eden kernel: audit(1109259026.091:0): avc: denied { search } for pid=4836 exe=/usr/sbin/squid name=tmp dev=hda12 ino=480001 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir
Feb 25 00:30:26 eden squid: Failed to make swap directory /tmp/squid: (13) Permission denied


I just don't get it since the dir is writable for squid:

drwxr-xr-x   2 squid squid  4096 Feb 25 00:06 squid/

Is this a known issue of SELinux? Is there any way to work around it?

This is a feature, not a bug ;-)

SELinux imposes additional restrictions on what the squid server can do, so that if it is compromised, it is difficult for the attacker to do anything useful with it, like write a rootkit to /tmp. This is all on top of the existing unix permissions.

Try approaching the problem a different way. What is the underlying reason why you want the squid cache to be in /tmp instead of /var/spool/squid?

Paul.
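
Added example, not part of the original messages: a small Python parser for the AVC denial quoted above. It shows that the refused access is the squid_t domain searching a directory labelled tmp_t (name=tmp), a type-enforcement check applied on top of the Unix permissions in the ls output. The function names are hypothetical; the sample line is the one from the message, rejoined onto one line.

```python
import re

# The denial from the message above, joined back onto one line.
SAMPLE = ("Feb 25 00:30:26 eden kernel: audit(1109259026.091:0): avc: denied "
          "{ search } for pid=4836 exe=/usr/sbin/squid name=tmp dev=hda12 "
          "ino=480001 scontext=root:system_r:squid_t "
          "tcontext=system_u:object_r:tmp_t tclass=dir")

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; the level part is absent in this log."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a security context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_avc(line):
    """Return permissions, contexts and fields of one AVC denial, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None  # e.g. the squid daemon's own "Permission denied" line
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group(1).split(),
        "source": split_context(fields["scontext"]),  # the process domain
        "target": split_context(fields["tcontext"]),  # the object's label
        "tclass": fields["tclass"],
        "fields": fields,
    }


def summarize(avc):
    """State which domain was refused which permission on which type."""
    return "{} denied {{ {} }} on {}:{} (name={})".format(
        avc["source"]["type"], " ".join(avc["perms"]),
        avc["target"]["type"], avc["tclass"], avc["fields"].get("name", "?"))


if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```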

