[squid-users] Squid 3.5.9 RPM are available

Wed Sep 30 19:27:07 UTC 2015

Hello,

can you do a little test for me?

can you please try the following acl

acl block_as4837 dst_as 4837
http_access deny block_as4837

and then try in a browser
http://sudo.ml

Thanks,
Walter

On 30.09.2015 18:45, Veiko Kukk wrote:
> On 30/09/15 18:27, Veiko Kukk wrote:
>> I'm sorry, should have provided operating system version with my first
>> post. It is CentOS 6.7 with latest updates.
>>
>> Sure, when changing selinux to permissive mode, it works. I have not had
>> time meanwhile to find out what are the required minimal selinux changes
>> required, probably allowing squid to write to /dev/shm.
>
> If somebody has the same problem, and happens to read mailinglist 
> archive, this is the solution. My guess about /dev/shm was true,
>
> # grep squid /var/log/audit/audit.log| audit2allow -a
> #============= squid_t ==============
> #!!!! The source type 'squid_t' can write to a 'dir' of the following 
> types:
> # squid_log_t, var_log_t, var_run_t, pcscd_var_run_t, squid_var_run_t, 
> squid_cache_t, tmp_t, cluster_var_lib_t, cluster_var_run_t, root_t, 
> krb5_host_rcache_t, cluster_conf_t
>
> allow squid_t tmpfs_t:dir { write remove_name add_name };
> allow squid_t tmpfs_t:file { create unlink };
> allow squid_t user_tmpfs_t:file { read write };
>
> If you agree with offered rights, create custom module and load it.
>
> # grep squid /var/log/audit/audit.log| audit2allow -a -M mysquid
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
>
> # semodule -i mysquid.pp
>
> And now squid 3.5.9 on CentOS 6.7 works with selinux enforced mode.
>
> Veiko

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150930/4386ee3e/attachment-0001.bin>