The other process starts normally if i do manually. > it was successful before i changed the selinux to enforcing.Now i even cannot start squid process that access the parent at localhost(3128) manually even. It means that the squid software is SELINUX aware.Am i right? > It looks that squid process run by default as a confined process whether its a compiled version or a version that come with the linux distro. > You can also try to restore selinux context for all squid files: > or cat /var/log/audit/audit.log | audit2allow > As i see you have squid_kerb_plugin, you should have compile you squid > If you compile your squid and installed it, you will have to change > If squid is installed with yum, squid will be started with a squid_t > ps -Z => squid_t and getenforce => enforcing > From: > To: > Subject: Re: SELINUX issue(confined>unconfined) I have used this command chcon -t unconfined_exec_t /usr/sbin/squid and its working now. > I think it is better to build a selinux module for our squid. > It you update your selinux policy, changement will not be persistent. > But i am not sure modifing this file is the best way. > Then restore context (with restorecon or. > /usr/local/squid/var -d system_u:object_r:var_t:s0 > /usr/local/squid -d system_u:object_r:bin_t:s0 > /usr/local/squid/libexec(/.*)? system_u:object_r:lib_t:s0 > /usr/local/squid/var/logs/squid\.pid - system_u:object_r:squid_var_run_t:s0 > /usr/local/squid/sbin/squid - system_u:object_r:squid_exec_t:s0 > /usr/local/squid/var/cache(/.*)? system_u:object_r:squid_cache_t:s0 > /usr/local/squid/share(/.*)? system_u:object_r:squid_conf_t:s0 > /usr/local/squid/var/logs(/.*)? system_u:object_r:squid_log_t:s0 > /usr/local/squid/etc(/.*)? system_u:object_r:squid_conf_t:s0 > /etc/selinux/targeted/contexts/files/file_contexts and adapt it to my ![]() > I installed squid in /usr/local/squid but I had to modify > I have also worked on a similar project (squid/kerberos/selinux). > From: > To: > CC: > Subject: Re: SELINUX issue(confined>unconfined) ![]() However i am also thinking of running SELinux in permissive mode for my proxy server. Is not currently supported by selinux policy on redhat-like systems. I suggest you to spend some time on selinux, it can realy increase theīut you will need to build a policy module for squid_kerb_auth witch Permissive mode only in order to get all access denied log inĪudit.log in order to build policy module or adjust filecontexts. (it will not forbid unauthorized access). there’s still lots of features missing, like for example you cannot restrict the app on portrait mode.Īll in all, I’m pretty happy with it and with the Supabase integration, I don’t even have to pay for my SQL backend anymore.In permissive mode, you only get log, but selinux will not be active.I miss the search functionality that Xojo has. the larger the project got, the more I was trying to locate things and that really becomes a pain.Although I have to say I haven’t used the custom code functionalities all that much. for professionals, it might be a tad limited as to what it can do.it’s a hobby for me, I don’t have to earn money with it. ![]() Took me 1.5 months vs 6 months to build the same in FlutterFlow (and that’s with zero previous experience in FlutterFlow or even Flutter). I had started developing an application in Xojo back in December.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |