Did you notice you have write access only for the owner and not the group?
Try changing access step by step to make sure, like any other permission
problem you will ever see.
- allow user all
- allow group all
- allow all all
etc...
Basic permissions tests.
Regards,
Eliezer
On 12/19/2012 2:41 PM, Christophe Marchand wrote:
> Hum... it's difficult to understand...
> After having deleted the cache_swap_log line, and modified the cache_dir
> to /drive/squid_guard, audit.log finishes with this:
>
> type=AVC msg=audit(1355919099.367:139918): avc: denied { write } for
> pid=1770 comm="squid" name="squid_cache" dev=dm-2 ino=3145729
> scontext=unconfined_u:system_r:squid_t:s0
> tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir
> type=SYSCALL msg=audit(1355919099.367:139918): arch=c000003e syscall=2
> success=no exit=-13 a0=7f01574b0200 a1=441 a2=1a4 a3=7fff254ad5a0
> items=0 ppid=1742 pid=1770 auid=500 uid=0 gid=23 euid=23 suid=0 fsuid=23
> egid=23 sgid=23 fsgid=23 tty=(none) ses=45 comm="squid"
> exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
>
> uid and gid are:
> [root_at_proxy-new ~]# id root
> uid=0(root) gid=0(root) groupes=0(root)
> [root_at_proxy-new ~]# id squid
> uid=23(squid) gid=23(squid) groupes=23(squid)
>
> It seems that root:squid tries to get write access to squid_cache... or I
> misunderstand...
--
Eliezer Croitoru
https://www1.ngtech.co.il
sip:ngtech_at_sip2sip.info
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Received on Wed Dec 19 2012 - 19:53:16 MST
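Added example, not part of the original messages: a short Python decoder for the two audit records quoted above. The function names and lookup tables are this example's own; it reads the SELinux types from the AVC record and the open(2) flags, mode, errno and process IDs from the SYSCALL record of the same event.

```python
import errno
import re

# The two records quoted in the message above, each joined onto one line.
AVC = ('type=AVC msg=audit(1355919099.367:139918): avc: denied { write } for '
       'pid=1770 comm="squid" name="squid_cache" dev=dm-2 ino=3145729 '
       'scontext=unconfined_u:system_r:squid_t:s0 '
       'tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir')
SYSCALL = ('type=SYSCALL msg=audit(1355919099.367:139918): arch=c000003e syscall=2 '
           'success=no exit=-13 a0=7f01574b0200 a1=441 a2=1a4 a3=7fff254ad5a0 '
           'items=0 ppid=1742 pid=1770 auid=500 uid=0 gid=23 euid=23 suid=0 fsuid=23 '
           'egid=23 sgid=23 fsgid=23 tty=(none) ses=45 comm="squid" '
           'exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)')

# open(2) flag bits on x86_64 Linux; audit prints syscall arguments a0..a3 in hex.
OPEN_FLAGS = {0o1: "O_WRONLY", 0o2: "O_RDWR", 0o100: "O_CREAT",
              0o1000: "O_TRUNC", 0o2000: "O_APPEND"}
SYSCALLS_X86_64 = {"2": "open"}  # only the syscall number seen in this record

def fields(record):
    """Return the key=value pairs of one audit record, with quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def decode(avc_line, syscall_line):
    """Combine an AVC record with the SYSCALL record of the same event."""
    avc, sc = fields(avc_line), fields(syscall_line)
    if avc["msg"] != sc["msg"]:      # same timestamp:serial means same event
        raise ValueError("records belong to different audit events")
    if sc["arch"] != "c000003e":     # AUDIT_ARCH_X86_64
        raise ValueError("the syscall table here covers x86_64 only")
    flags = int(sc["a1"], 16)
    return {
        "denied": re.search(r"denied\s+\{([^}]*)\}", avc_line).group(1).split(),
        "tclass": avc["tclass"],
        "name": avc["name"],
        "source_type": avc["scontext"].split(":")[2],  # domain of the process
        "target_type": avc["tcontext"].split(":")[2],  # label on the object
        "syscall": SYSCALLS_X86_64.get(sc["syscall"], sc["syscall"]),
        "open_flags": [n for bit, n in OPEN_FLAGS.items() if flags & bit],
        "mode": oct(int(sc["a2"], 16)),
        "error": errno.errorcode[-int(sc["exit"])],
        "ids": {k: int(sc[k]) for k in ("uid", "euid", "fsuid", "gid", "egid", "fsgid")},
    }

if __name__ == "__main__":
    for key, value in decode(AVC, SYSCALL).items():
        print(f"{key:12} {value}")
```

The decoded `ids` show the real uid 0 alongside effective and filesystem uid 23, and the AVC record names the SELinux types involved: `squid_t` denied `write` on a directory labelled `etc_runtime_t`.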