On Sun, 2004-12-05 at 09:57 -0800, Tom London wrote:
Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied { write } for pid=3455 exe=/bin/bash name=squid dev=hda2 ino=4457453 scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t tclass=dir
Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied { add_name } for pid=3455 exe=/bin/bash name=squid.out scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t tclass=dir
Is the squid init script messing around with the squid data? It'd be preferable if whatever it was doing was built-in squid functionality, so we don't have to allow initrc_t those privileges.
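
An added illustration, not part of the original message: the Python sketch below parses the two denials quoted above and groups them by source type, target type and object class, which shows that both requests come from /bin/bash running as initrc_t against a squid_log_t directory. The function names are this example's own, and values containing spaces are assumed not to occur.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, one record per line.
SAMPLE_LOG = """\
Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied { write } for pid=3455 exe=/bin/bash name=squid dev=hda2 ino=4457453 scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t tclass=dir
Dec 5 09:47:34 fedora kernel: audit(1102268854.527:0): avc: denied { add_name } for pid=3455 exe=/bin/bash name=squid.out scontext=root:system_r:initrc_t tcontext=system_u:object_r:squid_log_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Return the fields of one 'avc: denied' record, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Fields are space-separated key=value pairs (assumption: no spaces in values).
    rec = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    if not all(k in rec for k in ("scontext", "tcontext", "tclass")):
        return None
    rec["perms"] = m.group("perms").split()
    return rec


def context_type(context):
    """Extract the type from a user:role:type[:range] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "names": set(), "exes": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (context_type(rec["scontext"]), context_type(rec["tcontext"]), rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["names"].add(rec.get("name", "?"))
        groups[key]["exes"].add(rec.get("exe", "?"))
    return {k: {f: sorted(v) for f, v in g.items()} for k, g in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(g['perms'])} }} "
              f"exe={','.join(g['exes'])} name={','.join(g['names'])}")
```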