Bug 199083
Summary: | selinux stops squid | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Frank Büttner <bugzilla> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Current | Doc Type: | Bug Fix |
Last Closed: | 2007-03-28 20:02:06 UTC | Type: | --- |
Description
Frank Büttner
2006-07-17 07:30:00 UTC
You have a labeling problem. Looks like some kind of tmp directory is being mounted and not labeled correctly or you created files on a tmp directory and moved it to a directory squid is trying to access?

I can't find an unlabeled file. But it is very interesting. When I change the access method in the squid config file from diskd to ufs, then I get another error:

type=AVC msg=audit(1153151192.075:937): avc: denied { name_bind } for pid=8719 comm="squid" src=3130 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1153151192.075:937): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9f85f4 a2=8499a4 a3=bf9f8604 items=0 pid=8719 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=user_u:system_r:squid_t:s0
type=SOCKADDR msg=audit(1153151192.075:937): saddr=02000C3A000000000000000000000000
type=SOCKETCALL msg=audit(1153151192.075:937): nargs=3 a0=c a1=bf9f8604 a2=10
type=AVC msg=audit(1153151195.403:938): avc: denied { name_bind } for pid=8726 comm="squid" src=3130 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1153151195.403:938): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfef32f4 a2=4129a4 a3=bfef3304 items=0 pid=8726 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=user_u:system_r:squid_t:s0
type=SOCKADDR msg=audit(1153151195.403:938): saddr=02000C3A000000000000000000000000
type=SOCKETCALL msg=audit(1153151195.403:938): nargs=3 a0=c a1=bfef3304 a2=10
type=AVC msg=audit(1153151198.723:939): avc: denied { name_bind } for pid=8733 comm="squid" src=3130 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1153151198.723:939): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfc96094 a2=4709a4 a3=bfc960a4 items=0 pid=8733 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=user_u:system_r:squid_t:s0
type=SOCKADDR msg=audit(1153151198.723:939): saddr=02000C3A000000000000000000000000
type=SOCKETCALL msg=audit(1153151198.723:939): nargs=3 a0=c a1=bfc960a4 a2=10
type=AVC msg=audit(1153151202.040:940): avc: denied { name_bind } for pid=8739 comm="squid" src=3130 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=udp_socket

Fixed in selinux-policy-2.3.2-1.fc5

Closing bugs
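An added example, not part of the bug report or of selinux-policy: a small Python parser that groups the audit records by serial number and decodes the SOCKADDR payload, which shows that the denied name_bind is squid binding UDP 0.0.0.0:3130. Function names are illustrative; the sample is event 937 from the report with the wrap-induced spaces in `tcontext =` and `au id` removed.

```python
import re
import socket
import struct

# Event 937 from the report (wrap-induced spaces inside field names removed).
SAMPLE = """\
type=AVC msg=audit(1153151192.075:937): avc: denied { name_bind } for pid=8719 comm="squid" src=3130 scontext=user_u:system_r:squid_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1153151192.075:937): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf9f85f4 a2=8499a4 a3=bf9f8604 items=0 pid=8719 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=user_u:system_r:squid_t:s0
type=SOCKADDR msg=audit(1153151192.075:937): saddr=02000C3A000000000000000000000000
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)")
AVC = re.compile(r"avc:\s+denied\s+\{\s*([^}]*)\}\s+for\s+(.*)")

def fields(text):
    """Split 'k=v k="v"' pairs into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', text)}

def decode_saddr(hexstr):
    """Decode an AF_INET sockaddr as logged on a little-endian host (i386 here)."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from("<H", raw, 0)[0]   # sa_family: host byte order
    if family != socket.AF_INET:
        return {"family": family}                  # other families left undecoded
    port = struct.unpack_from("!H", raw, 2)[0]     # sin_port: network byte order
    return {"family": "AF_INET", "addr": socket.inet_ntoa(raw[4:8]), "port": port}

def summarize(log):
    """Group records by audit serial; return one summary per AVC denial."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        ev = events.setdefault(serial, {})
        if rtype == "AVC" and (a := AVC.match(body)):
            ev.update(fields(a.group(2)), perms=a.group(1).split())
        elif rtype == "SYSCALL":
            f = fields(body)
            # exit=-13 is EACCES: the policy denial surfaced to squid's bind()
            ev.update(exe=f["exe"], exit=int(f["exit"]))
        elif rtype == "SOCKADDR":
            ev["sockaddr"] = decode_saddr(fields(body)["saddr"])
    return [dict(ev, serial=s) for s, ev in events.items() if "perms" in ev]

if __name__ == "__main__":
    for ev in summarize(SAMPLE):
        print(ev)
```

The decoded port matches the `src=3130` field of the AVC record, and the target context `http_cache_port_t` with class `udp_socket` identifies the port label and permission involved in the denial.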