Hi Tsuyoshi,

The /home/squid dir has the user_u:object_r:squid_cache_t
The /home dir has the system_u:object_r:home_root_t

It seems that this can only be achieved via audit2allow?

Thanks a lot for your fast reply.

Regards.

On 01/02/11 02:29, Tsuyoshi Nagata wrote:
> Hi Marcos
> (2011/02/01 0:31), Marcos Lois Bermúdez wrote:
>> semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
>>
>> I checked the files and they are in the good context:
>>
>> drwxr-xr-x squid squid user_u:object_r:squid_cache_t .
> **> drwxr-xr-x squid squid system_u:object_r:home_root_t ..
>> drwxr-x--- squid squid user_u:object_r:squid_cache_t 00
>> drwxr-x--- squid squid user_u:object_r:squid_cache_t 01
>> ...
>>
>> But when I want to start it I get this:
>>
>> type=AVC msg=audit(1296442326.932:739661): avc: denied { search }
>> for pid=30924 comm="squid" name="/" dev=sda3 ino=2
>> scontext=user_u:system_r:squid_t:s0
>> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>
> [root@localhost ~]# audit2allow -m squid
> type=AVC msg=audit(1296442326.932:739661): avc: denied { search }
> for pid=30924 comm="squid" name="/" dev=sda3 ino=2
> scontext=user_u:system_r:squid_t:s0
> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
> Ctl-D
> module squid 1.0;
>
> require {
> type home_root_t;
> type squid_t;
> class dir search;
> }
>
> #============= squid_t ==============
> allow squid_t home_root_t:dir search;
> [root@localhost ~]#
>
>
> It seems the directory '/home/squid' has 'home_root_t' type.
> Change it to 'squid_cache_t'
> # chcon -u system_u -r object_r -t squid_cache_t /home/squid
>
> --Tsuyoshi.