[squid-users] Why does Squid4 do socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EACCES (Permission denied) ?
Ahmad, Sarfaraz
Sarfaraz.Ahmad at deshaw.com
Fri Nov 30 14:43:30 UTC 2018
I think almost every time squid opens a TCP connection, It also tried to open a raw socket of type AF_NETLINK. Syscall pasted below.
All that I can make sense of this is that Squid is trying to engage with iptables subsystem somehow ?
I have SELinux enforcing and would like to know what Squid is trying to do before figuring out how to allow that.
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 90
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EACCES (Permission denied)
I am using WCCP and TLS interception with Squid 4.0.24 release. Everything works as expected except auditd is getting spammed with denial messages.
type=AVC msg=audit(1543478005.027:49455970): avc: denied { getattr } for pid=13766 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=sys
tem_u:system_r:squid_t:s0 tclass=netlink_socket
Any thoughts ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20181130/e83a0878/attachment.html>
More information about the squid-users
mailing list