[CentOS] selinux problem with squid and snmp_port in centos 5

net foss

netfoss at gmail.com
Thu Apr 19 02:17:10 UTC 2007


Hi all,

Just want to enable squid's SNMP support to get information about
its performance through an snmp client. I set "snmp_port 3401" in squid.conf.
SELinux is in enforcing state with targeted policy.
But the squid daemon doesn't start. There are some messages in audit.log
like
type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102
success=no exit=-13 a0=2 a1=bf880060 a2=81109f0 a3=bf88007c items=0
ppid=15684 pid=15705 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0
egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid"
subj=user_u:system_r:squid_t:s0 key=(null)

Note that squid can run if I make one of the following two changes:
1) switch selinux to permissive (setenforce 0), and keep snmp_port 3401
in squid.conf
2) keep selinux in enforcing state, and disable snmp_port in squid.conf

This problem happens in CentOS 5. The same configuration
(i.e. selinux enforcing, and snmp_port 3401) works well in 4.4.

Any hint to solve the problem is appreciated.

-- 
NetFOSS
netfoss at gmail.com
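
Added example, not part of the original post: a small Python decoder for the SYSCALL record quoted above, showing that on i386 it records a bind() call by squid_t that failed with EACCES. The function and constant names are this example's own, and the record is embedded as constructed input joined onto one line.

```python
import errno
import re

# Constructed input: the SYSCALL record from the post, joined onto one line.
RECORD = (
    'type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102 '
    'success=no exit=-13 a0=2 a1=bf880060 a2=81109f0 a3=bf88007c items=0 '
    'ppid=15684 pid=15705 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 '
    'egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" '
    'subj=user_u:system_r:squid_t:s0 key=(null)'
)

AUDIT_ARCH_I386 = 0x40000003  # EM_386 with the little-endian flag set
I386_SOCKETCALL = 102         # i386 routes socket operations through socketcall(2)
# First five socketcall sub-call numbers (linux/net.h); a0 selects the operation.
SOCKETCALL_OPS = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')


def decode_syscall_record(record):
    """Turn one type=SYSCALL audit line into a readable summary dict."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(record)}
    msg = MSG_RE.search(record)
    # arch and a0..a3 are hexadecimal; syscall and exit are decimal.
    arch = int(fields["arch"], 16)
    nr = int(fields["syscall"])
    ret = int(fields["exit"])
    call = f"syscall#{nr}"
    if arch == AUDIT_ARCH_I386 and nr == I386_SOCKETCALL:
        call = SOCKETCALL_OPS.get(int(fields["a0"], 16), "socketcall(?)")
    return {
        "serial": msg.group(2) if msg else None,  # shared by all records of one event
        "comm": fields["comm"],
        "domain": fields["subj"].split(":")[2],   # SELinux type of the process
        "call": call,
        "error": errno.errorcode.get(-ret) if ret < 0 else None,
        "euid": int(fields["euid"]),
    }


if __name__ == "__main__":
    for key, value in decode_syscall_record(RECORD).items():
        print(f"{key:7} {value}")
```

The type=AVC record in audit.log carrying the same serial (244) is the one that names the denied permission and the target port type.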


