Hello All,
Francesco Ranieri wrote:
>
> Do you know selinux ? I read that "context=system_u:system_r:initrc_t"
> and i suppose it belongs to selinux, if you know what selinux is you
> can try to disable it and see if on reboot the original squid script
> works. If you don't know selinux, i suppose you can disable it
> changing the file /etc/sysconfig/selinux or /etc/selinux/config. If
> you don't find these files try an "updatedb && locate selinux". If
> those files exist change the "SELINUX=enforcing" variable setting and
> reboot. To check if selinux is enabled you can try also with
> "selinuxenabled;echo $?" if it returns 0 it's enabled. If you want to
> use selinux i suppose you'll have to modify the policies.
>
> Best Regards
> Francesco Ranieri
I think I have finally made a breakthrough thanks to Francesco.
Changing "SELINUX=enforcing" to "SELINUX=permissive" (displays warnings
instead of blocking) now allows squid to launch squidGuard at boot!
I haven't yet tested it fully but it does at least start the processes.
(I now have to go back and undo all the things I did when testing it and
try it from a standard set-up - groan).
Does anyone here know SELinux? I would like - eventually - to be able to
have it running with SELinux enabled. If someone could help me with this
(or point me to someone who can) then I will volunteer to write a How-To
for other users of squidGuard with Fedora Core 4+ (where SELinux is
enabled by default).
I still have much testing and set-up to do - so I am not finished yet -
but I would like to take this opportunity to thank everyone on these two
lists for all their help. Even after a couple of years of using Linux I
am still impressed by the unstinting devotion of the community, and its
members' willingness to give of their time and knowledge so freely to
help others. Thank You.
Mark
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:02 MST