LinuxQuestions.org


hmcarthur 11-11-2014 10:08 AM

SELinux denies access to Squid 3.3 running on CentOS 7
 
Hi, I recently decided to set up a proxy server for our company using Squid 3.3 on CentOS 7.

I thought that having a dedicated hard disk for the cache would be a good idea, so I mounted /dev/sdb as /var/spool/squid. I was meticulous in ensuring that the permissions and ownership were exactly the same as the mount point /var/log/squid.

When starting squid I got the error:
ERROR opening swap log /var/spool/squid/swap.state: Permission denied

After much run-around trying to figure out what I'd done wrong, I decided to disable SELinux as a stab in the dark. I ran "setenforce 0" and tried to start squid again and bingo, it worked.

So I now know that SELinux is interfering with Squid writing to the disk I mounted, but I have almost no knowledge about SELinux and how to go about resolving this. I imagine that it's a bad idea to leave SELinux in permissive mode.

Any help would be greatly appreciated.

nbritton 11-12-2014 10:52 PM

The SELinux security context is not the same. You can see the security context label by using the -Z option, for example: ls -lZ /var/spool/squid

Start by looking at /var/log/messages: grep setroubleshoot /var/log/messages

More than likely you probably just need to run: restorecon -Rv /var/spool/squid

Watch this tutorial: https://www.youtube.com/watch?v=q_y30qZ_plQ
Watch this tutorial: https://www.youtube.com/watch?v=bQqX3RWn0Yw

Reference: http://wiki.centos.org/HowTos/SELinux

unSpawn 11-13-2014 01:28 AM

Quote:

Originally Posted by hmcarthur (Post 5268219)
So I now know that SELinux is interfering with Squid writing to the disk I mounted, but I have almost no knowledge about SELinux and how to go about resolving this. I imagine that it's a bad idea to leave SELinux in permissive mode.

The first thing (admin reflex, really) is to check /var/log/audit/audit.log for clues and act on that:
Code:

# Generic:
audit2allow < /var/log/audit/audit.log
# specific:
grep squid /var/log/audit/audit.log | audit2allow
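
Added example (not part of the post above or of the thread): before turning audit2allow output into policy, it helps to see which object types the squid denials actually hit, because a wrong target label is fixed by relabelling rather than by new allow rules. The sample records are constructed, and `squid_cache_t` as the expected type for /var/spool/squid and `unlabeled_t` for the new disk are assumptions; on a real host, pipe /var/log/audit/audit.log into the functions instead.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one command.

# Constructed records in audit.log format (not from the thread). unlabeled_t
# as the target type is an assumption for a freshly mounted, unlabeled disk.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1415718480.101:411): avc:  denied  { write } for  pid=2345 comm="squid" name="swap.state" dev="sdb" ino=12 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=AVC msg=audit(1415718480.102:412): avc:  denied  { add_name } for  pid=2345 comm="squid" name="00" dev="sdb" ino=2 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1415718481.007:413): avc:  denied  { read } for  pid=2400 comm="httpd" name="index.html" dev="sda1" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1415718480.101:411): arch=c000003e syscall=2 success=no exit=-13 comm="squid" exe="/usr/sbin/squid"
EOF
}

# avc_denials COMM: read audit records on stdin and print, per denial for COMM:
#   <source type> <target type> <class> <permissions> <object name>
avc_denials() {
    awk -v want="$1" '
    function field(key,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    $1 == "type=AVC" && /denied/ && field("comm") == want {
        perms = $0
        sub(/^[^{]*[{] */, "", perms)   # drop everything up to "{ "
        sub(/ *[}].*$/, "", perms)      # drop " }" and the rest of the record
        gsub(/ /, ",", perms)           # several permissions become a,b,c
        print setype(field("scontext")), setype(field("tcontext")), field("tclass"), perms, field("name")
    }'
}

# label_mismatches COMM TYPE: count denials for COMM whose target is not
# labelled TYPE. A non-zero count suggests checking labels before writing policy.
label_mismatches() {
    avc_denials "$1" | awk -v expected="$2" '$2 != expected' | wc -l | tr -d ' '
}

sample_audit_log | avc_denials squid
echo "mislabelled targets: $(sample_audit_log | label_mismatches squid squid_cache_t)"
```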


hmcarthur 11-16-2014 11:53 AM

Thank you for the feedback. I'm going to try what you have suggested.

