Re: [FC3] squid ftp blocked by selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 2005-07-30 at 11:48 +0200, Jurgen Kramer wrote:
> After the last selinux policy update I can no longer use squid to proxy
> FTP transfers. dmesg shows lots of:
> 
> audit(1122716171.029:8): avc:  denied  { name_connect } for  pid=2553
> comm="squid" dest=21 scontext=user_u:system_r:squid_t
> tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> audit(1122716171.129:9): avc:  denied  { name_connect } for  pid=2553
> comm="squid" dest=21 scontext=user_u:system_r:squid_t
> tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> audit(1122716171.229:10): avc:  denied  { name_connect } for  pid=2553
> comm="squid" dest=21 scontext=user_u:system_r:squid_t
> tcontext=system_u:object_r:ftp_port_t tclass=tcp_socket
> 
> HTTP transfers still function fine. How can I fix this?

Does this help?

# setsebool -P squid_connect_any 1

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux