[squid-users] CentOS 6.x and SELinux enforcing with Squid 3.5.x (thanks to Eliezer Croitoru for the RPM)
Walter H.
walter.h at mathemainzel.info
Tue Oct 18 11:02:24 UTC 2016
Hello,
just in case anybody wants to run Squid 3.5.x on CentOS
with SELinux enforcing,
here is the semodule
<squid_update.tt>
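module squid_update 1.0;

# Types and permissions this module refers to
require {
        type squid_conf_t;
        type squid_t;
        type var_t;
        class file { append open read write getattr lock execute_no_trans };
}

#============= squid_t ==============
# Let squid run files labelled squid_conf_t without a domain transition
allow squid_t squid_conf_t:file execute_no_trans;
# Let squid read, write and append files labelled var_t
allow squid_t var_t:file { append open read write getattr lock };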
</squid_update.tt>
and do the following:
checkmodule -M -m -o squid_update.mod squid_update.tt
semodule_package -o squid_update.pp -m squid_update.mod
semodule -i squid_update.pp
In case someone wants to throw away the cache, for whatever reason,
use this script:
<clearcache.sh>
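#!/bin/sh
# Replace the Squid cache directory with a fresh, empty one.
DIR=/var/spool/squid

# Stop squid and move the old cache out of the way
service squid stop
mv "$DIR" "$DIR.temp"

# Recreate the directory with the SELinux label, owner and mode squid expects
mkdir "$DIR"
chcon -t squid_cache_t "$DIR"
chown squid:squid "$DIR"
chmod 750 "$DIR"

# Create the swap directories in the foreground, then start squid again
squid -N -z
service squid start

# Delete the old cache contents
rm -fr "$DIR.temp"
date +"%Y/%m/%d %T| Old Swap Directories removed"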
</clearcache.sh>
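
Added example, not part of the original post: a check that reads audit log lines and reports which squid_t denials the allow rules in squid_update.tt cover and which they do not, so the module can be compared with what a given host actually logs. The log lines in sample_log are constructed, and the function names check_denials and sample_log are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Reads audit log lines on stdin; prints each distinct squid_t denial and
# whether the allow rules in squid_update.tt cover it.
check_denials() {
    awk '
    BEGIN {
        # Allow rules from squid_update.tt; the source type is always squid_t.
        allow["squid_conf_t:file:execute_no_trans"] = 1
        n = split("append open read write getattr lock", p, " ")
        for (i = 1; i <= n; i++) allow["var_t:file:" p[i]] = 1
    }
    /avc:/ && /denied/ && /scontext=[^ ]*:squid_t:/ {
        ttype = ""; tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        # The denied permissions sit between "{" and "}".
        s = index($0, "{"); e = index($0, "}")
        if (s == 0 || e < s) next
        np = split(substr($0, s + 1, e - s - 1), perm, " ")
        for (i = 1; i <= np; i++) {
            key = ttype ":" tclass ":" perm[i]
            if (key in seen) continue
            seen[key] = 1
            state = (key in allow) ? "covered" : "MISSING"
            print state "  squid_t -> " key
        }
    }'
}

# Constructed AVC records (not taken from a real host).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1476788544.101:201): avc:  denied  { append } for  pid=2001 comm="squid" name="example.log" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1476788544.102:202): avc:  denied  { execute_no_trans } for  pid=2001 comm="squid" name="example-helper" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:squid_conf_t:s0 tclass=file
type=AVC msg=audit(1476788544.103:203): avc:  denied  { read write } for  pid=2001 comm="squid" name="example.db" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1476788544.104:204): avc:  denied  { unlink } for  pid=2001 comm="squid" name="example.tmp" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1476788544.105:205): avc:  denied  { read } for  pid=2002 comm="httpd" name="example.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
EOF
}

sample_log | check_denials
```

On a real host, feed it the audit log instead of the sample, for example `check_denials < /var/log/audit/audit.log`.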