Description of problem: squidguard should not be doing chcon in its post install scripts. chcon should never be done in a post install since it will not survive a reboot. Also these commands are wrong /usr/bin/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1 /usr/bin/chcon -R system_u:object_r:squid_cache_t /var/squidGuard >/dev/null 2>&1 /usr/bin/chcon -R system_u:object_r:squid_log_t /var/log/squidGuard >/dev/null 2>&1 And are failing, while creating another avc. system_u:object_r:squid_log_t is not a valid context it should be system_u:object_r:squid_log_t:s0 Or a better command would have been /usr/bin/chcon -R -t squid_log_t /var/log/squidGuard >/dev/null But the way this should be done if you need to is # semanage fcontext -a -t squid_log_t '/var/log/squidGuard(/.*)?' # restorecon -R -v /var/log/squidGuard Similarly for the other file context. But really this labeling should go into the selinux-policy package, it is in RHEL5 and Rawhide now. Miroslav please add it to F9 and F10.
*** Bug 486438 has been marked as a duplicate of this bug. ***
Thanks, I just took this over, and was wondering about that. So all I need to do at this point is remove the chcon from post and rebuild?
Yes. And Miroslav needs to get out a new policy to label these directories correctly.
Two questions there, do I need to wait for the new policy, and which branches will have their policy updated for this, that I will need to build for?
No since your current fix does not work anyways, just remove the lines and I will talk to Miroslav to get it out quickly. F9, F10 need fix RHEL5 and Rawhide have it.
Ok, I'll pull the SOURCES for the policy bits as well, and get these out today.
Fixed in selinux-policy-3.5.13-46.fc10 and selinux-policy-3.3.1-124.fc9
Thanks.
squidGuard-1.4-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/squidGuard-1.4-2.fc10
squidGuard-1.4-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/squidGuard-1.4-2.fc9
squidGuard-1.4-2.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update squidGuard'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2009-2080
squidGuard-1.4-2.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update squidGuard'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-2092
squidGuard-1.4-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
squidGuard-1.4-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.