squid_selinux(8) squid SELinux Policy documentation squid_selinux(8)NAMEsquid_selinux - Security-Enhanced Linux Policy for the squid daemon
DESCRIPTION
Security-Enhanced Linux (SELinux) secures the squid server via flexible
mandatory access control.
SHARING FILES
In order to share files with multiple domains (such as Apache, FTP,
rsync, or Samba), a file context of public_content_t and public_con‐
tent_rw must be set. This context allows any of the above domains to
read the content. To allow a particular domain to write to the pub‐
lic_content_rw_t domain, set the relevant allow_DOMAIN_anon_write bool‐
ean. For example, to configure the squid web content, run the following
command as root:
setsebool -P allow_httpd_squid_script_anon_write=1
BOOLEANS
In Red Hat Enterprise Linux 5, you can disable SELinux protection for
individual daemons. In case of squid, you can set the squid_dis‐
able_trans boolean to "on":
setsebool -P squid_disable_trans 1
Squid listens on the 3128/tcp port by default. If you need squid to be
able to listen on a different port, you can set the squid_connect_any
boolean to "on":
setsebool -P squid_connect_any 1
Note that you can also use the system-config-securitylevel utility that
allows you to customize SELinux policy settings in the graphical user
interface.
AUTHOR
This manual page was written by Miroslav Grepl <mgrepl@redhat.com>.
SEE ALSOselinux(8), squid(1), setsebool(8)mgrepl@redhat.com 1 Jun 2011 squid_selinux(8)