Manual Reference Pages  - squid_selinux (8)

NAME

squid_selinux - Security-Enhanced Linux Policy for the squid daemon

CONTENTS

Booleans
Author  

DESCRIPTION

Security-Enhanced Linux (SELinux) secures the squid server via flexible mandatory access control.

SHARING FILES

To share files with multiple domains (such as Apache, FTP, rsync, or Samba), a file context of public_content_t and public_content_rw_t must be set. This context allows any of the above domains to read the content. To allow a particular domain to write to content labeled public_content_rw_t, set the relevant allow_DOMAIN_anon_write boolean. For example, to configure the squid web content, run the following command as root:

setsebool -P allow_httpd_squid_script_anon_write=1

BOOLEANS

In Red Hat Enterprise Linux 5, you can disable SELinux protection for individual daemons. In the case of squid, you can set the squid_disable_trans boolean to "on":

setsebool -P squid_disable_trans 1

Squid listens on the 3128/tcp port by default. If you need squid to be able to listen on a different port, you can set the squid_connect_any boolean to "on":

setsebool -P squid_connect_any 1

Note that you can also use the system-config-securitylevel utility, which allows you to customize SELinux policy settings in a graphical user interface.
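
As an added example (not part of the original manual page), the shell function below reviews getsebool-style output for the three booleans named on this page and reports each one that is set to "on". The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual page: review the squid-related
# booleans this page names. Reads "name --> on|off" lines on stdin.

audit_squid_booleans() {
    while read -r name arrow state rest; do
        # Only lines of the form "name --> on" are of interest.
        [ "$arrow" = "-->" ] && [ "$state" = "on" ] || continue
        case "$name" in
            squid_disable_trans)
                echo "WARN $name=on: SELinux protection for squid is disabled" ;;
            squid_connect_any)
                echo "WARN $name=on: squid is not held to its default 3128/tcp port" ;;
            allow_httpd_squid_script_anon_write)
                echo "WARN $name=on: writes to public_content_rw_t content are allowed" ;;
        esac
    done
    return 0
}

# Constructed sample input (not captured from a real host).
sample_getsebool() {
    cat <<'EOF'
allow_httpd_squid_script_anon_write --> off
squid_connect_any --> on
squid_disable_trans --> on
EOF
}

# Demo on the constructed sample; on a live host use:
#   getsebool -a | audit_squid_booleans
sample_getsebool | audit_squid_booleans
```

Booleans that are off, and booleans other than the three listed, produce no output.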
 

AUTHOR

This manual page was written by Miroslav Grepl <mgrepl@redhat.com>.

SEE ALSO

selinux(8), squid(1), setsebool(8)


mgrepl@redhat.com squid_selinux (8) 1 Jun 2011