Bug 376621 - selinux prevents squid from accessing pam
selinux prevents squid from accessing pam
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Radek Vokal
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-11-11 17:41 EST by Tobias Ottmar
Modified: 2008-11-17 17:02 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-11-17 17:02:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Alert from setroubleshoot. (2.45 KB, text/plain)
2007-11-14 09:18 EST, Scott Bambrough
no flags Details
/etc/pam.d/squid, as requested. (67 bytes, text/plain)
2008-03-11 10:58 EDT, Tobias Ottmar
no flags Details
/etc/squid/squid.conf, as requested. (145.33 KB, text/plain)
2008-03-11 10:59 EDT, Tobias Ottmar
no flags Details
Selinux alerts (5.43 KB, text/plain)
2008-03-11 12:53 EDT, Martin Nagy
no flags Details
Audit log (4.97 KB, text/plain)
2008-03-12 11:07 EDT, Martin Nagy
no flags Details

  None (edit)
Description Tobias Ottmar 2007-11-11 17:41:58 EST
Description of problem:
Configured squid to use pam_auth (/usr/lib/squid/pam_auth) which authenticates
squid users against local users using pam. Selinux denies this, saying:

avc: denied { execute } for comm=pam_auth dev=md0 name=unix_chkpwd pid=10491
scontext=root:system_r:squid_t:s0 tclass=file

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:
selinux should allow squid to authenticate local users.

Additional info:
Please contact me if anything is missing. I'm happy to help! :)
Comment 1 Scott Bambrough 2007-11-14 09:17:27 EST
This particular bug also occurs on RHEL 5.1.
Comment 2 Scott Bambrough 2007-11-14 09:18:08 EST
Created attachment 258061 [details]
Alert from setroubleshoot.
Comment 3 Martin Nagy 2008-03-11 08:47:37 EDT
Please attach your /etc/squid/squid.conf and /etc/pam.d/squid
Comment 4 Tobias Ottmar 2008-03-11 10:58:20 EDT
Created attachment 297620 [details]
/etc/pam.d/squid, as requested.
Comment 5 Tobias Ottmar 2008-03-11 10:59:08 EDT
Created attachment 297622 [details]
/etc/squid/squid.conf, as requested.
Comment 6 Martin Nagy 2008-03-11 12:50:16 EDT
Reassigning to selinux-policy.
Comment 7 Martin Nagy 2008-03-11 12:53:08 EDT
Created attachment 297643 [details]
Selinux alerts

I saw these.
Comment 8 Martin Nagy 2008-03-12 11:07:49 EDT
Created attachment 297782 [details]
Audit log
Comment 9 Josef Kubin 2008-03-12 17:30:19 EDT
The new packages are available: http://people.redhat.com/jkubin/selinux/F8/
Test them please, thank you.
Comment 10 Martin Nagy 2008-03-13 04:04:38 EDT
These packages work for me
Comment 11 Tony Fu 2008-10-05 21:27:45 EDT
User jkubin@redhat.com's account has been closed
Comment 12 Daniel Walsh 2008-11-17 17:02:37 EST
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.

Note You need to log in before you can comment on or make changes to this bug.