Hide Forgot
SELinux is preventing /usr/sbin/squid from 'getattr' accesses on the sock_file /run/winbindd/pipe. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that squid should be allowed getattr access on the pipe sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep squid /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:squid_t:s0 Target Context system_u:object_r:var_run_t:s0 Target Objects /run/winbindd/pipe [ sock_file ] Source squid Source Path /usr/sbin/squid Port <Неизвестно> Host (removed) Source RPM Packages squid-3.1.15-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-39.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.40.6-0.fc15.i686 #1 SMP Tue Oct 4 00:51:19 UTC 2011 i686 i686 Alert Count 50 First Seen Ср. 26 окт. 2011 17:28:18 Last Seen Чт. 27 окт. 2011 11:20:41 Local ID 23c00ea5-f41b-4d95-8261-cdee43ca657e Raw Audit Messages type=AVC msg=audit(1319703641.688:23014): avc: denied { getattr } for pid=1241 comm="squid" path="/run/winbindd/pipe" dev=tmpfs ino=1044134 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file type=SYSCALL msg=audit(1319703641.688:23014): arch=i386 syscall=lstat64 success=no exit=EACCES a0=212d15d8 a1=bfda0dfc a2=d86ff4 a3=bfda0e74 items=0 ppid=1233 pid=1241 auid=4294967295 uid=0 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 tty=(none) ses=4294967295 comm=squid exe=/usr/sbin/squid subj=system_u:system_r:squid_t:s0 key=(null) Hash: squid,squid_t,var_run_t,sock_file,getattr audit2allow #============= squid_t ============== #!!!! This avc is allowed in the current policy allow squid_t var_run_t:sock_file getattr; audit2allow -R #============= squid_t ============== #!!!! This avc is allowed in the current policy allow squid_t var_run_t:sock_file getattr;
/run/winbindd is mislabeled. Did you start winbind directly? What does # ps -eZ |grep winbind