SELinux security alert/Squid

Yesterday I began getting an "SELinux security alert" and Firefox began 
to operate erratically [became useless].

I did "setsebool -P squid_connect_any=1" per the alert and Firefox began 
to work again, however now this morning I am getting a similar notice 
although it appears to be making an exception.

Do I need to take some further action to satisfy SELinux or will I 
continue to get this notice until some future update?

Bob



        Summary:

        SELinux is preventing the squid daemon from connecting to
        network port 8180

        Detailed Description:

        [squid has a permissive type (squid_t). This access was not denied.]

        SELinux has denied the squid daemon from connecting to 8180. By
        default squid
        policy is setup to deny squid connections. If you did not setup
        squid to network
        connections, this could signal a intrusion attempt.

        Allowing Access:

        If you want squid to connect to network ports you need to turn
        on the
        squid_connect_any boolean: "setsebool -P squid_connect_any=1"

        Fix Command:

        setsebool -P squid_connect_any=1

        Additional Information:

        Source Context                system_u:system_r:squid_t:s0
        Target Context                system_u:object_r:port_t:s0
        Target Objects                None [ tcp_socket ]
        Source                        squid
        Source Path                   /usr/sbin/squid
        Port                          8180
        Host                          box6
        Source RPM Packages           squid-3.1.0.15-2.fc12
        Target RPM Packages
        Policy RPM                    selinux-policy-3.6.32-78.fc12
        Selinux Enabled               True
        Policy Type                   targeted
        Enforcing Mode                Enforcing
        Plugin Name                   squid_connect_any
        Host Name                     box6
        Platform                      Linux box6
        2.6.31.12-174.2.3.fc12.x86_64 #1 SMP
                                       Mon Jan 18 19:52:07 UTC 2010
        x86_64 x86_64
        Alert Count                   33
        First Seen                    Sun 07 Feb 2010 04:50:46 PM EST
        Last Seen                     Sun 07 Feb 2010 05:08:58 PM EST
        Local ID                      87daf7bf-ecdf-4025-9780-520ef4d433f5
        Line Numbers

        Raw Audit Messages

        node=box6 type=AVC msg=audit(1265580538.758:20027): avc: 
        denied  { name_connect } for  pid=1504 comm="squid" dest=8180
        scontext=system_u:system_r:squid_t:s0
        tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

        node=box6 type=SYSCALL msg=audit(1265580538.758:20027):
        arch=c000003e syscall=42 success=yes exit=4294967424 a0=e
        a1=7fd5727bb730 a2=1c a3=1c items=0 ppid=1502 pid=1504
        auid=4294967295 uid=0 gid=23 euid=23 suid=0 fsuid=23 egid=23
        sgid=23 fsgid=23 tty=(none) ses=4294967295 comm="squid"
        exe="/usr/sbin/squid" subj=system_u:system_r:squid_t:s0 key=(null)
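
Added example, not part of the original post and not the output of any Fedora tool: a small Python parser that pairs the AVC record from the alert with the SYSCALL record sharing its audit event ID (20027) and reports what was requested and whether the system call went through. The function name `summarize` and the output keys are this example's own.

```python
import re
from collections import defaultdict

# The two raw audit records from the alert above, re-joined onto single lines.
SAMPLE = """\
node=box6 type=AVC msg=audit(1265580538.758:20027): avc:  denied  { name_connect } for  pid=1504 comm="squid" dest=8180 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
node=box6 type=SYSCALL msg=audit(1265580538.758:20027): arch=c000003e syscall=42 success=yes exit=4294967424 a0=e a1=7fd5727bb730 a2=1c a3=1c items=0 ppid=1502 pid=1504 auid=4294967295 uid=0 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=4294967295 comm="squid" exe="/usr/sbin/squid" subj=system_u:system_r:squid_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")

def summarize(log_text):
    """Group records by audit event serial and summarize each AVC event."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue  # not an audit record
        rtype, _timestamp, serial = head.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        perm = PERMS.search(line)
        if rtype == "AVC" and perm:
            fields["perms"] = perm.group(2).split()
        events[serial][rtype] = fields

    report = []
    for serial, recs in events.items():
        avc = recs.get("AVC")
        if avc is None:
            continue  # SYSCALL record with no AVC in the same event
        syscall = recs.get("SYSCALL", {})
        report.append({
            "serial": serial,
            "perms": avc.get("perms", []),
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"],
            "dest": int(avc["dest"]) if "dest" in avc else None,
            "exe": syscall.get("exe"),
            # success=yes in the paired SYSCALL record: the call was not blocked
            "syscall_succeeded": syscall.get("success") == "yes",
        })
    return report

if __name__ == "__main__":
    for event in summarize(SAMPLE):
        print(event)
```

On the records from the alert it reports a `name_connect` request from `squid_t` to a `port_t` port 8180 with `syscall_succeeded` true, which matches the alert's "This access was not denied."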
