Description of problem:
If for some reason you have to choose the listen ports of squid in the range <1025, start of squid fails.

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-30.el5
squid-2.6.STABLE6-3.el5

How reproducible:
Change the ports in /etc/squid/squid.conf:
# http_port 3128
http_port 81
# icp_port 3130
icp_port 81

Steps to Reproduce:
1.
2.
3.

Actual results:
type=AVC msg=audit(1174922283.052:525): avc: denied { name_bind } for pid=9659 comm="squid" src=81 scontext=root:system_r:squid_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1174985649.607:644): avc: denied { name_bind } for pid=12519 comm="squid" src=81 scontext=root:system_r:squid_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=udp_socket

There is also another error, don't know if it's important:
type=AVC msg=audit(1174922286.075:526): avc: denied { search } for pid=9664 comm="squid" name="tmp" dev=dm-0 ino=780289 scontext=root:system_r:squid_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

Expected results:

Additional info:
If you want to change the http port in selinux, you would execute
semanage port -a -t http_port_t -p tcp 81
This would then define port 81 to a port that squid can listen to.
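Before running the semanage command from the comment above, it helps to know whether the port is already owned by a type defined in policy, since that is what makes "semanage port -a" fail. The following is an added example, not part of the bug report: the port_type function is my own, and the semanage listing it parses is a constructed sample (on a live host you would capture it with semanage port -l instead); the fallback names for ports that no type lists explicitly are an assumption about the policy of this era.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not captured from a real
# host). On a live system use: SEMANAGE_PORTS="$(semanage port -l)"
SEMANAGE_PORTS='SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
http_cache_port_t              udp      3130
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
'

# port_type PORT PROTO
# Prints the SELinux port type that owns PORT/PROTO according to the listing.
# Ports listed explicitly (singly or in a lo-hi range) belong to that type and
# cannot be added again with `semanage port -a` ("already defined"). Ports not
# listed fall back to the generic types: reserved_port_t below 1024 (as seen
# in the AVC denials for port 81 above) and, by assumption for this policy
# generation, port_t for higher ports. Those are the ones `-a` can relabel.
port_type() {
    printf '%s\n' "$SEMANAGE_PORTS" | awk -v port="$1" -v proto="$2" '
        $2 == proto {
            # fields 3..NF look like "80," "443," or "10001-10010"
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)
                n = split(p, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) {
                    print $1
                    found = 1
                    exit
                }
            }
        }
        END {
            if (!found)
                print (port + 0 < 1024) ? "reserved_port_t" : "port_t"
        }'
}

# Usage: the squid listen port from the report, and the port from the later
# comment that semanage refuses to add because policy already defines it.
printf 'tcp/81 -> %s\n' "$(port_type 81 tcp)"
printf 'tcp/80 -> %s\n' "$(port_type 80 tcp)"
```

A port reported as reserved_port_t or port_t is one the "semanage port -a" command above can label; a port reported with a named type such as http_port_t is defined in policy and will produce the "already defined" error.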
I suspect the SELinux type in the comment is incorrect, http_cache_port_t seems more accurate for RHEL5. e.g.
semanage port -a -t http_cache_port_t -p tcp 80
However, running that command returns the following error
/usr/sbin/semanage: Port tcp/80 already defined
semanage port -d -p tcp 80
/usr/sbin/semanage: Port tcp/80 is defined in policy, cannot be deleted
Well he stated he wanted to use port 81.