In RedHat derivatives, it should work out of the box, but there are a number of booleans you could try (see /selinux/booleans). Chief amongst those is probably squid_disable_trans, which effectively turns selinux off for squid.
You use it by "setsebool -P squid_disable_trans 1"
The default Tresys policy should support Squid. If you installed Squid from a CentOS repo RPM it Should Just Work. Posting actual AVC messages and Squid error messages might help people here understand *why* it's failing. Instead of disabling SE Linux for Squid by setting squid_disable_trans, I'd search LQ for threads about adding SE Linux rules to build a local policy or build a policy for Squid yourself. It isn't that hard and if you could do with some help just ask.
As I mentioned earlier, I don't know about selinux and its rules.
I will read about it. I am using Red Hat Enterprise AS 4 and squid stable 2.5 stable 6.
If you can help me in writing rules for squid in selinux I would be thankful.
I'm kind of familiar with SE Linux, but unfortunately not with RHEL-4 policy.
Generally speaking there are two possibilities: Squid runs in its own "domain" (it already has some policy rules configured) but misses some. In that case, and if you run Auditd, you should be able to use AVC messages to adjust your local policy. For example if your Squid binary is just called "squid", then running 'grep "AVC.*squid" /var/log/audit/audit.log|audit2allow' should output to stdout a set of rules with which to build a local policy file. The other possibility (not in your case I guess) is that Squid runs in the "unconfined domain" and you would want it to run in its own domain. In that case being able to install and run policycoreutils and policycoreutils-gui could make things a lot easier.
For now let's see what 'grep "AVC.*squid" /var/log/audit/audit.log|audit2allow' shows.
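Added example, not written by anyone in this thread and not audit2allow's own code: it shows the kind of grouping the grep-into-audit2allow step above produces, so each denial can be read and judged before a rule for it goes into a local policy. The log lines are constructed, squid_denials and allow_rules are hypothetical helper names, and unlike the grep it matches on the comm= field only.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (illustrative, not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1170000000.101:41): avc:  denied  { name_bind } for  pid=2345 comm="squid" src=8080 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=AVC msg=audit(1170000000.205:42): avc:  denied  { read } for  pid=2345 comm="squid" name="cache" dev=sda3 ino=1234 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:var_t tclass=dir
type=AVC msg=audit(1170000000.309:43): avc:  denied  { search } for  pid=2345 comm="squid" name="cache" dev=sda3 ino=1234 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:var_t tclass=dir
type=AVC msg=audit(1170000000.412:44): avc:  denied  { read } for  pid=999 comm="httpd" name="x" dev=sda3 ino=99 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=file
type=AVC msg=audit(1170000000.500:45): avc:  granted  { read } for  pid=2345 comm="squid" name="y" dev=sda3 ino=100 scontext=user_u:system_r:squid_t tcontext=system_u:object_r:squid_cache_t tclass=file
"""

# Only "denied" records are of interest; "granted" records never match.
AVC_DENIED = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]+)"'
    r'.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)'
)


def context_type(context):
    """Return the type field of a context (user:role:type[:level...])."""
    return context.split(":")[2]


def squid_denials(log_text, comm="squid"):
    """Group denied permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_DENIED.search(line)
        if not match or match.group(2) != comm:
            continue
        perms, _, scontext, tcontext, tclass = match.groups()
        key = (context_type(scontext), context_type(tcontext), tclass)
        grouped[key].update(perms.split())
    return dict(grouped)


def allow_rules(grouped):
    """Render one candidate allow rule per group, for review before use."""
    rules = []
    for (source, target, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(squid_denials(SAMPLE_LOG))))
```

A rule against a broad target type such as var_t in the constructed sample is usually a sign that the file or directory is mislabelled, so check the label before allowing the access.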