libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.2.10-1.fc16.x86_64 reason: SELinux is preventing /usr/bin/squidGuard from 'create' accesses on the Datei BDB26234. time: So 18 Mär 2012 10:32:08 CET description: :SELinux is preventing /usr/bin/squidGuard from 'create' accesses on the Datei BDB26234. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that squidGuard should be allowed create access on the BDB26234 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep squidGuard /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:squid_t:s0 :Target Context system_u:object_r:tmp_t:s0 :Target Objects BDB26234 [ file ] :Source squidGuard :Source Path /usr/bin/squidGuard :Port <Unbekannt> :Host (removed) :Source RPM Packages squidGuard-1.4-9.fc15.x86_64 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-78.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux (removed) 3.2.10-1.fc16.x86_64 #1 SMP Mon Mar 12 : 22:34:35 UTC 2012 x86_64 x86_64 :Alert Count 7 :First Seen Fr 16 Mär 2012 18:14:25 CET :Last Seen So 18 Mär 2012 10:31:02 CET :Local ID 9f0cb499-7d82-4ad8-a04c-7041461c4dce : :Raw Audit Messages :type=AVC msg=audit(1332063062.137:319): avc: denied { create } for pid=26234 comm="squidGuard" name="BDB26234" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file : : :type=AVC msg=audit(1332063062.137:319): avc: denied { read write open } for pid=26234 comm="squidGuard" name="BDB26234" dev=dm-1 ino=694 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file : : :type=SYSCALL msg=audit(1332063062.137:319): arch=x86_64 syscall=open success=yes exit=EACCES a0=10737a0 a1=c2 a2=180 a3=12 items=0 ppid=1122 pid=26234 auid=4294967295 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=4294967295 comm=squidGuard exe=/usr/bin/squidGuard subj=system_u:system_r:squid_t:s0 key=(null) : :Hash: squidGuard,squid_t,tmp_t,file,create : :audit2allow : :#============= squid_t ============== :#!!!! The source type 'squid_t' can write to a 'file' of the following types: :# pcscd_var_run_t, squid_var_run_t, squid_cache_t, squid_tmpfs_t, squid_log_t, root_t, krb5_host_rcache_t : :allow squid_t tmp_t:file { read write create open }; : :audit2allow -R : :#============= squid_t ============== :#!!!! The source type 'squid_t' can write to a 'file' of the following types: :# pcscd_var_run_t, squid_var_run_t, squid_cache_t, squid_tmpfs_t, squid_log_t, root_t, krb5_host_rcache_t : :allow squid_t tmp_t:file { read write create open }; :
Does it happen by default or did you configure anything?
Is squidguard using /tmp?
After a quick peek at the source, I don't *think* so.
My /etc/squid/squidGuard.conf contains the following references to directories: dbhome /var/squidGuard/blacklists logdir /var/log/squidGuard ausearch -m avc gives me lots of: type=SYSCALL msg=audit(1321727280.140:91): arch=c000003e syscall=2 success=yes exit=13 a0=287f7a0 a1=c2 a2=180 a3=1 items=0 ppid=1138 pid=3215 auid=4294967295 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=4294967295 comm="squidGuard" exe="/usr/bin/squidGuard" subj=system_u:system_r:squid_t:s0 key=(null) type=AVC msg=audit(1321727280.140:91): avc: denied { read write open } for pid=3215 comm="squidGuard" name="BDB03215" dev=dm-1 ino=562 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file type=AVC msg=audit(1321727280.140:91): avc: denied { create } for pid=3215 comm="squidGuard" name="BDB03215" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
Do you still need info from me? I'm unsure.
cblaauw, What is the content of BDB03215?
I don't know the content of BDB03215, maybe it's a temporary file that squidGuard uses. If I find out the path of the file I can have a look, but right now it is nowhere to find. I think the name changes on every restart of squidGuard. Sorry that I cannot help more. Carsten
Right now the bug does not appear, because I did: grep squidGuard /var/log/audit/audit.log | audit2allow -M mypol semodule -i mypol.pp content of mypol.te: module mypol 1.0; require { type tmp_t; type squid_t; class file { read write create unlink open }; } #============= squid_t ============== #!!!! The source type 'squid_t' can write to a 'file' of the following types: # pcscd_var_run_t, squid_var_run_t, squid_cache_t, squid_tmpfs_t, squid_log_t, root_t, krb5_host_rcache_t allow squid_t tmp_t:file { read write create unlink open };
Miroslav lets add in squid_tmp_t, and allow it.
Added.