On Sun, 05 Dec 2004 11:38:04 +0100, Giuseppe Greco giuseppe.greco@agamura.com wrote:
Thanks Tom,
the situation is now much better... I'm able to start squid, but I still get the following two error messages:
Starting squid: audit(1102241826.255.0): avc: denied { getattr } for pid=2435 exe=/usr/sbin/squid path=/boot dev=hda1 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:boot_t tclass=dir
audit(1102241826.255.0): avc: denied { getattr } for pid=2435 exe=/usr/sbin/squid path=/tmp dev=dm-3 ino=2 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir
It looks like there are problems with directories /boot and /tmp...
What's strange is that I get these error messages on a machine where I just upgraded from FC1 to FC3... I've also another machine on which I installed FC3 from scratch and here I've no problems at all.
I'm running strict/enforcing with latest Rawhide packages (selinux-policy-strict-1.19.10-4)
If I change to permissive mode (via 'setenforce 0') and start squid (via '/etc/init.d/squid start') I get the following:
Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied { write } for pid=3455 exe=/bin/bash name=squid dev=hda2 ino=4457453 scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t tclass=dir
Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied { add_name } for pid=3455 exe=/bin/bash name=squid.out scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t tclass=dir
Dec 5 09:47:34 fedora kernel: audit(1102268854.528:0): avc: denied { create } for pid=3455 exe=/bin/bash name=squid.out scontext=root:system_r:initrc_t tcontext=root:object_r:squid_log_t tclass=file
Dec 5 09:47:35 fedora squid[3458]: Squid Parent: child process 3460 started
With squid successfully running.
This indicates that the policy may need some additional rules, like:
allow initrc_t squid_log_t:dir { add_name write };
allow initrc_t squid_log_t:file create;
But I don't get the messages you get. I'm running squid-2.5.STABLE7-1. Is this the same as you?
tom