From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc3 Firefox/1.0.7

Description of problem:
"service squid start" results in these log file error messages:

squid[8180]: Squid Parent: child process 8183 started
kernel: audit(1129250805.581:17): avc: denied { name_connect } for pid=8183 comm="squid" dest=35584 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
kernel: audit(1129250805.582:18): avc: denied { name_connect } for pid=8183 comm="squid" dest=35586 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
kernel: audit(1129250805.583:19): avc: denied { name_connect } for pid=8183 comm="squid" dest=35588 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
kernel: audit(1129250805.584:20): avc: denied { name_connect } for pid=8183 comm="squid" dest=35590 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
kernel: audit(1129250805.586:21): avc: denied { name_connect } for pid=8183 comm="squid" dest=35592 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-3.16
squid-2.5.STABLE11-2.FC3

How reproducible:
Always

Steps to Reproduce:
1. service squid start
2.
3.

Actual Results:
error messages and clients unable to access squid

Expected Results:
no errors
Clients able to access internet through squid

Additional info:
setsebool -P squid_connect_any=1

You need to turn on this boolean.
Wonderful! That did the job! Many Thanks! I'd like to improve my knowledge here. Is there documentation on this anywhere?
http://fedora.redhat.com/projects/selinux/
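An added example, not part of the original bug report or its replies: a small Python parser that groups AVC denials like the ones quoted in the report by source type, target type, class and permission, and collects the destination ports, so that many log lines collapse to the one rule being hit. The log lines are a constructed sample in the report's format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the denials quoted in the report.
SAMPLE_LOG = """\
squid[8180]: Squid Parent: child process 8183 started
kernel: audit(1129250805.581:17): avc: denied { name_connect } for pid=8183 comm="squid" dest=35584 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
kernel: audit(1129250805.582:18): avc: denied { name_connect } for pid=8183 comm="squid" dest=35586 scontext=root:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields

def context_type(context):
    """The type is the third field of user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Map (source type, target type, class, permission) -> sorted dest ports."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or "scontext" not in rec or "tcontext" not in rec:
            continue  # not a denial, or a truncated record
        for perm in rec["perms"]:
            key = (context_type(rec["scontext"]), context_type(rec["tcontext"]),
                   rec.get("tclass", "?"), perm)
            ports = groups[key]  # create the group even if no port is logged
            if rec.get("dest", "").isdigit():
                ports.add(int(rec["dest"]))
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls, perm), ports in summarize(SAMPLE_LOG).items():
        print(f"{src} denied {perm} on {tgt}:{cls}, dest ports {ports}")
```

Run against the five denials in the report, the same grouping yields a single entry (squid_t, port_t, tcp_socket, name_connect) with five destination ports.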