Bug 161942 - SELinux blocks squid ntlm helper
Summary: SELinux blocks squid ntlm helper
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted
Version: 4.0
Hardware: i686
OS: Linux
Target Milestone: ---
: ---
Assignee: Daniel Walsh
QA Contact:
Depends On:
Blocks: 156322
TreeView+ depends on / blocked
Reported: 2005-06-28 16:43 UTC by Reggy Ekkebus
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version: RHBA-2005-645
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-10-05 16:34:52 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:645 0 qe-ready SHIPPED_LIVE SELinux policy bug fix update 2005-10-05 04:00:00 UTC

Description Reggy Ekkebus 2005-06-28 16:43:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Description of problem:
This is what i get when i start squid:

audit(1119976504.369:0): avc:  denied  { search } for  pid=3576 exe=/usr/bin/ntlm_auth name=samba dev=sda2 ino=145480 scontex
t=root:system_r:squid_t tcontext=system_u:object_r:samba_etc_t tclass=dir

This is propably due to enabling ntlm authentication in squid.


auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Put above config in your squid.conf
2.service squid start

Actual Results:  squid's ntlm helper is blocked

Expected Results:  squid's ntlm helper should not be blocked/denied

Additional info:

The error accurs a few times for every child.

Comment 1 Daniel Walsh 2005-07-11 18:21:56 UTC
Fixed in selinux-policy-targeted-1.25.1-7

Comment 2 Red Hat Bugzilla 2005-10-05 16:34:52 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.