RE: [squid-users] SELINUX issue(confined>unconfined)

From: GIGO . <gigoz_at_msn.com>
Date: Tue, 18 May 2010 07:47:30 +0000

Dear All,
 
Your guidance is required. Please help.
 
It looks like the squid process runs by default as a confined process, whether it is a compiled version or a version that comes with the Linux distro. It means that the squid software is SELinux aware. Am I right?
 
[root_at_squidLhr ~]# ps -eZ | grep squid
system_u:system_r:squid_t 3173 ? 00:00:00 squid
system_u:system_r:squid_t 3175 ? 00:00:00 squid
system_u:system_r:squid_t 3177 ? 00:00:00 squid
system_u:system_r:squid_t 3179 ? 00:00:00 squid
system_u:system_r:squid_t 3222 ? 00:00:00 unlinkd
system_u:system_r:squid_t 3223 ? 00:00:00 unlinkd

 
It was successful before I changed SELinux to enforcing. Now I cannot even start the squid process that accesses the parent at localhost (3128) manually. The other process starts normally if I do it manually.
 
When running it as an unconfined process via the following command, the problem was resolved:
 
chcon -t unconfined_exec_t /usr/sbin/squid
 
However, it does not feel appropriate to me. Please guide me on this.
 
 
 
I am starting squid with the following init script if it has something to do with the problem:
 
#!/bin/sh
#
# my script: start/stop the two squid instances and apache
case "$1" in
start)
    # Start the cache (parent) instance first, then the main instance
    /usr/sbin/squid -D -sYC -f /etc/squid/squidcache.conf
    /usr/sbin/squid -D -sYC -f /etc/squid/squid.conf
    #The below line is to automatically start apache with system startup
    /usr/sbin/httpd -k start
    #KRB5_KTNAME=/etc/squid/HTTP.keytab
    #export KRB5_KTNAME
    #KRB5RCACHETYPE=none
    #export KRB5RCACHETYPE
    ;;
stop)
    # Each -k shutdown must name the same config file the instance was
    # started with (/etc/squid/, not /etc/squid3/), otherwise the shutdown
    # signal is resolved against the wrong (or a nonexistent) configuration
    /usr/sbin/squid -k shutdown -f /etc/squid/squidcache.conf
    echo "Shutting down squid secondary process"
    /usr/sbin/squid -k shutdown -f /etc/squid/squid.conf
    echo "Shutting down squid main process"
    # The below line is to automatically stop apache at system shutdown
    /usr/sbin/httpd -k stop
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac

 
Thanking you & regards,
 
Bilal

----------------------------------------
> From: gigoz_at_msn.com
> To: squid-users_at_squid-cache.org
> Date: Tue, 18 May 2010 06:02:35 +0000
> Subject: [squid-users] SELINUX issue
>
>
> Hi all,
>
> When I change SELinux from permissive mode to enforcing mode, my multiple instance setup fails to start. Please guide how to overcome this.
>
> -----------------------Excerpts from cache.log-----------------
>
> 2010/05/18 10:31:51| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:51| Store rebuilding is 7.91% complete
> 2010/05/18 10:31:52| Done reading /var/spool/squid swaplog (51794 entries)
> 2010/05/18 10:31:52| Finished rebuilding storage from disk.
> 2010/05/18 10:31:52| 51794 Entries scanned
> 2010/05/18 10:31:52| 0 Invalid entries.
> 2010/05/18 10:31:52| 0 With invalid flags.
> 2010/05/18 10:31:52| 51794 Objects loaded.
> 2010/05/18 10:31:52| 0 Objects expired.
> 2010/05/18 10:31:52| 0 Objects cancelled.
> 2010/05/18 10:31:52| 0 Duplicate URLs purged.
> 2010/05/18 10:31:52| 0 Swapfile clashes avoided.
> 2010/05/18 10:31:52| Took 1.13 seconds (45641.00 objects/sec).
> 2010/05/18 10:31:52| Beginning Validation Procedure
> 2010/05/18 10:31:52| Completed Validation Procedure
> 2010/05/18 10:31:52| Validated 103614 Entries
> 2010/05/18 10:31:52| store_swap_size = 913364
> 2010/05/18 10:31:52| storeLateRelease: released 0 objects
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| Detected DEAD Parent: 127.0.0.1
> 2010/05/18 10:31:52| TCP connection to 127.0.0.1/3128 failed
> 2010/05/18 10:31:52| Failed to select source for 'http://1.channel19.facebook.com/p'
> 2010/05/18 10:31:52| always_direct = 0
> 2010/05/18 10:31:52| never_direct = 1
> 2010/05/18 10:31:52| timedout = 0
> 2010/05/18 10:31:57| Failed to select source for 'http://0.channel19.facebook.cm
>
> --------------------------------------------------------------------------------------------
>
>
> regards,
>
> Bilal
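The `ps -eZ` check and the chcon workaround described in the mail above, as an added example written for this page (not the poster's script or Squid project code): a shell script that reports whether the squid processes are still in the confined squid_t domain and summarises the AVC denials squid has produced, run here over constructed sample input. It assumes the real AVC lines come from the audit log or `ausearch -m avc -c squid`.

```shell
#!/bin/sh
# Added example (not from the original mail): two offline checks for a squid
# that misbehaves under SELinux enforcing mode. Both functions take saved
# command output as a string; the samples at the bottom are CONSTRUCTED.

# Domain of the squid/unlinkd processes, from text in `ps -eZ` format:
# "confined" = all in squid_t; "unconfined" = at least one in unconfined_t,
# which is what `chcon -t unconfined_exec_t /usr/sbin/squid` leads to;
# "other" = some different domain; "absent" = no squid process listed.
squid_domain_state() {
    domains=$(printf '%s\n' "$1" |
        awk '$NF ~ /^(squid|unlinkd)$/ { split($1, c, ":"); print c[3] }' |
        sort -u)
    if [ -z "$domains" ]; then
        echo absent
    elif printf '%s\n' "$domains" | grep -qx unconfined_t; then
        echo unconfined
    elif printf '%s\n' "$domains" | grep -qvx squid_t; then
        echo other
    else
        echo confined
    fi
}

# Summarise AVC denials raised by squid (audit-log / `ausearch -m avc` lines)
# as "<count> <permission> <tclass> <target type>", one line per distinct
# combination, so the blocked access is named before any policy is changed.
squid_avc_summary() {
    printf '%s\n' "$1" | grep 'avc:  denied' | grep 'comm="squid"' |
        sed -n 's/.*denied  { \([^}]*\) } .*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_]*\).*/\1 \3 \2/p' |
        sort | uniq -c | sed 's/^ *//'
}

# Constructed samples: ps lines mirror the mail, AVC lines are illustrative only
SAMPLE_PS='system_u:system_r:squid_t 3173 ? 00:00:00 squid
system_u:system_r:squid_t 3222 ? 00:00:00 unlinkd
system_u:system_r:httpd_t 3300 ? 00:00:00 httpd'
SAMPLE_AVC='type=AVC msg=audit(1274169112.001:301): avc:  denied  { name_connect } for  pid=3173 comm="squid" dest=3128 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1274169112.002:302): avc:  denied  { name_connect } for  pid=3175 comm="squid" dest=3128 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1274169112.003:303): avc:  denied  { read } for  pid=3173 comm="squid" name="squidcache.conf" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file'

echo "squid domain state: $(squid_domain_state "$SAMPLE_PS")"
echo "AVC denials by squid:"
squid_avc_summary "$SAMPLE_AVC"
```

A non-empty summary is the input for `audit2allow` or for comparison against the squid policy booleans (`getsebool -a | grep squid`); relabelling the binary to unconfined_exec_t removes the confinement entirely instead of granting the one access that was denied.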
Received on Tue May 18 2010 - 07:47:38 MDT

This archive was generated by hypermail 2.2.0 : Tue May 18 2010 - 12:00:05 MDT