[CentOS] selinux problem with squid and snmp_port in centos 5

Fri Apr 20 06:19:48 UTC 2007
net foss <netfoss at gmail.com>

On 4/19/07, Stefan Held <obi at unixkiste.org> wrote:
> On Thursday, 19.04.2007, at 11:17 +0900, net foss wrote:
> > Hi all,
>
> su -
>
> cd ~
>
> cp that one:
> > type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102
> > success=no exit=-13 a0=2 a1=bf880060 a2=81109f0 a3=bf88007c items=0
> > ppid=15684 pid=15705 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0
> > egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid"
> > subj=user_u:system_r:squid_t:s0 key=(null)
>
> into a file named: squid_snmp_audit.log
>
> run: audit2allow -M squid_snmp -i squid_snmp_audit.log
>
> after that:
>
> semodule -i squid_snmp.pp
>

Thank you very much for your help, Stefan.
Everything I had to do with SELinux in CentOS 4.x (enforcing and
targeted mode) was only changing the context of web contents.
But now several different SELinux problems happen on my
CentOS 5 box. One of them is access denied when squid opens
snmp_port, which I described in my previous mail. Another one
is access denied when squirrelmail connects to localhost:imap
(cyrus-imapd server here).  I think that I can apply your
suggested method to solve these problems.

I have another question. Must I make these rules again after
updating the policy package or not (i.e. will the next updates of the
selinux-policy package overwrite the manually edited rules or not?).

> > Any hint to solve the problem is appreciated.
>
> Greetings
>
> --
>
>  Stefan Held                    VI has only 2 Modes:
>  obi unixkiste org              The first one is for beeping all the time,
>  FreeNode: foo_bar              the second destroys the text.
> ---------------------------------------------------------------------------
> Fedora Ambassador:                 http://fedoraproject.org/wiki/StefanHeld
> ---------------------------------------------------------------------------
> perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
> ---------------------------------------------------------------------------
>     GPG-Keyprint = 75C0 F029 CA71 F061 6C07  0640 38F7 E5F9 4EA5 A385
>


-- 
NetFOSS
netfoss at gmail.com
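
Added example, not part of the original mails: a small Python decoder for the SYSCALL audit record quoted above, showing what the record says before a local module is generated from the log. The function names and the lookup tables are this example's own; the record is copied from the mail and joined onto one line.

```python
import re

# Constructed input: the SYSCALL record quoted in the mail, joined onto one line.
RECORD = (
    'type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102 '
    'success=no exit=-13 a0=2 a1=bf880060 a2=81109f0 a3=bf88007c items=0 '
    'ppid=15684 pid=15705 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 '
    'egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" '
    'subj=user_u:system_r:squid_t:s0 key=(null)'
)

AUDIT_ARCH_I386 = 0x40000003   # EM_386 with the little-endian flag set
SYS_SOCKETCALL_I386 = 102      # i386 multiplexes socket operations via socketcall(2)
SOCKETCALL_OPS = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept"}
ERRNO_NAMES = {1: "EPERM", 13: "EACCES"}

def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    head = re.match(r'type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):', line)
    if not head:
        raise ValueError("not an audit record")
    fields = {"type": head.group(1), "serial": int(head.group(3))}
    for key, value in re.findall(r'(\w+)=("[^"]*"|\S+)', line[head.end():]):
        fields[key] = value.strip('"')
    return fields

def describe_denial(fields):
    """Summarize a failed i386 socketcall record; None for anything else."""
    if fields["type"] != "SYSCALL" or fields.get("success") != "no":
        return None
    if int(fields["arch"], 16) != AUDIT_ARCH_I386:
        return None  # syscall numbers differ per architecture
    if int(fields["syscall"]) != SYS_SOCKETCALL_I386:
        return None  # only the case shown in the mail is decoded here
    err = -int(fields["exit"])
    return {
        "operation": SOCKETCALL_OPS.get(int(fields["a0"], 16), "unknown"),
        "errno": ERRNO_NAMES.get(err, str(err)),
        "domain": fields["subj"].split(":")[2],  # SELinux type of the process
        "exe": fields["exe"],
        "serial": fields["serial"],
    }

if __name__ == "__main__":
    print(describe_denial(parse_record(RECORD)))
```

The serial number (244) ties this record to the type=AVC record of the same event, which names the denied permission and the target type.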