LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-11-2014, 11:08 AM   #1
hmcarthur
LQ Newbie
 
Registered: Nov 2014
Location: South Africa
Distribution: Centos
Posts: 5

Rep: Reputation: Disabled
Question SELinux denies access to Squid 3.3 running on Centos 7


Hi I recently decided to setup a proxy server for our company using Squid 3.3 on Centos 7.

I thought that having a dedicated hard disk for the cache would be a good idea so I mounted /dev/sdb as /var/spool/squid. I was meticulous ensuring that the permissions and ownership were exactly the same as the mount point /var/log/squid.

When starting squid I got the error:
ERROR opening swap log /var/spool/squid/swap.state:
Permission denied

After much run-around trying to figure out what I'd done wrong I decided to disable SELinux as a stab in the dark. I ran "setenforce 0" and tried to start squid again and bingo it worked.

So I now know that SELinux is interfering with Squid writing to the disk I mounted but I have almost no knowledge about SELinux and how to go about resolving this. I imagine that its a bad idea to leave SELinux in permissive mode.

Any help would be greatly appreciated.
 
Old 11-12-2014, 11:52 PM   #2
nbritton
Member
 
Registered: Jun 2013
Location: Dubuque, IA
Distribution: Red Hat Enterprise Linux, Mac OS X, Ubuntu, Fedora, FreeBSD
Posts: 87

Rep: Reputation: Disabled
The SELinux security context is not the same, you can see the security context label by using the -Z option, for example: ls -lZ /var/spool/squid

Start by looking at /var/log/messages: grep setroubleshoot /var/log/messages

More then likely you probably just need to run: restorecon -Rv /var/spool/squid.

Watch this tutorial: https://www.youtube.com/watch?v=q_y30qZ_plQ
Watch this tutorial: https://www.youtube.com/watch?v=bQqX3RWn0Yw

Reference: http://wiki.centos.org/HowTos/SELinux

Last edited by nbritton; 11-13-2014 at 12:27 AM.
 
Old 11-13-2014, 02:28 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Quote:
Originally Posted by hmcarthur View Post
So I now know that SELinux is interfering with Squid writing to the disk I mounted but I have almost no knowledge about SELinux and how to go about resolving this. I imagine that its a bad idea to leave SELinux in permissive mode.
The first thing (admin reflex, really) is to check /var/log/audit/audit.log for clues and act on that:
Code:
# Generic:
audit2allow < /var/log/audit/audit.log
# specific:
grep squid /var/log/audit/audit.log | audit2allow
 
Old 11-16-2014, 12:53 PM   #4
hmcarthur
LQ Newbie
 
Registered: Nov 2014
Location: South Africa
Distribution: Centos
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thank you for the feedback. I'm going to try what you have suggested.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange Error in CentOS 6 squid access log nishith Linux - Server 1 01-06-2012 01:08 PM
Running squid (w/ dansguardian) on centos 5.2 blocking all google searches bsd13 Linux - Software 0 07-31-2008 12:45 PM
SELinux denies access - Can't send my first email ElijahDaniel Linux - Security 2 12-17-2007 02:48 AM
squid denies access to clients Ronin_tekorei Linux - Server 9 05-11-2007 10:35 PM
Squid denies everything ryhackl Linux - Networking 3 06-11-2003 04:42 AM


All times are GMT -5. The time now is 12:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration