squid_selinux - Security-Enhanced Linux Policy for the squid daemon
Security-Enhanced Linux (SELinux) secures the squid server via flexible mandatory access control.
In order to share files with multiple domains (such as Apache, FTP, rsync, or Samba), a file context of public_content_t or public_content_rw_t must be set. This context allows any of the above domains to read the content. To allow a particular domain to write to the public_content_rw_t domain, set the relevant allow_DOMAIN_anon_write boolean. For example, to allow this for the squid web content, run the following command as root:
setsebool -P allow_httpd_squid_script_anon_write=1
In Red Hat Enterprise Linux 5, you can disable SELinux protection for individual daemons. In the case of squid, you can set the squid_disable_trans boolean to "on":
setsebool -P squid_disable_trans 1
Squid listens on the 3128/tcp port by default. If you need squid to be able to listen on a different port, you can set the squid_connect_any boolean to "on":
setsebool -P squid_connect_any 1
Note that you can also use the system-config-securitylevel utility that allows you to customize SELinux policy settings in the graphical user interface.
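The following is an added example, not part of the original manual page: it reads `getsebool -a` output and reports which of the three booleans named above are switched on, so a relaxed squid policy is noticed during review. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of the squid-related SELinux booleans
# named on this page. Input is `getsebool -a` output on stdin.
# Exit status is 1 if any of them is "on", 0 otherwise.

audit_squid_booleans() {
    awk '
        BEGIN {
            n = split("squid_disable_trans squid_connect_any allow_httpd_squid_script_anon_write", name, " ")
            # What each boolean relaxes, as described on this page.
            note["squid_disable_trans"] = "SELinux protection for squid is disabled"
            note["squid_connect_any"] = "port restriction lifted (default is 3128/tcp)"
            note["allow_httpd_squid_script_anon_write"] = "write access to public_content_rw_t enabled"
        }
        # getsebool prints one boolean per line as: <name> --> <on|off>
        NF == 3 && $2 == "-->" && ($1 in note) { state[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                b = name[i]
                if (!(b in state)) {
                    printf "ABSENT  %s\n", b
                } else if (state[b] == "on") {
                    printf "RELAXED %s: %s\n", b, note[b]
                    bad++
                } else {
                    printf "OK      %s\n", b
                }
            }
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Constructed sample of `getsebool -a` output (not taken from a real host).
sample_getsebool_output() {
    cat <<'EOF'
httpd_can_network_connect --> off
squid_connect_any --> on
squid_disable_trans --> off
EOF
}

# On a real system: getsebool -a | audit_squid_booleans
sample_getsebool_output | audit_squid_booleans || echo "review the RELAXED booleans above"
```

A boolean reported as ABSENT is not defined by the loaded policy, which is expected for squid_disable_trans outside Red Hat Enterprise Linux 5.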
This manual page was written by Miroslav Grepl <firstname.lastname@example.org>.
selinux(8), squid(1), setsebool(8)
email@example.com | squid_selinux (8) | 1 Jun 2011