First Last Prev Next    This bug is not in your last search results.
Bug 166269 - SELinux blocks Squid's sasl_auth module from contacting saslauthd
SELinux blocks Squid's sasl_auth module from contacting saslauthd
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-18 10:25 EDT by Aleksandar Milivojevic
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version: u2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-12 14:15:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Aleksandar Milivojevic 2005-08-18 10:25:32 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050721 CentOS/1.0.6-1.4.1.centos4 Firefox/1.0.6

Description of problem:
I've configured squid to check passwords using SASL like this:

# grep 'sasl_auth' /etc/squid/squid.conf
auth_param basic program /usr/lib/squid/sasl_auth

# cat /usr/lib/sasl2/squid_sasl_auth.conf
pwcheck_method: saslauthd

However, SELinux is blocking Squid's sasl_auth module from connecting to saslauthd's socket:

Aug 17 15:51:09 t112 kernel: audit(1124311869.679:0): avc:  denied  { write } for  pid=6417 comm=sasl_auth name=mux dev=dm-3 ino=180280 scontext=root:system_r:squid_t tcontext=root:object_r:var_run_t tclass=sock_file

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.88

How reproducible:
Always

Steps to Reproduce:
1. configure squid and sasl_auth as described above
  

Additional info:
Comment 1 Aleksandar Milivojevic 2005-08-18 10:38:28 EDT 
Just a small note.  sasl_auth is not a "loadable module".  It is stand-alone
helper application (runs as separate process, started by Squid).  So it is
sufficient for sasl_auth process to have access to saslauthd's socket.  Squid
itself does not need access to it.
Comment 2 Daniel Walsh 2005-09-27 15:46:17 EDT 
Fixed in U2.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.