Ahmad, Sarfaraz
2018-11-30 14:43:30 UTC
I think almost every time Squid opens a TCP connection, it also tries to open a raw socket of type AF_NETLINK. Syscall pasted below.
All that I can make sense of this is that Squid is trying to engage with the iptables subsystem somehow?
I have SELinux enforcing and would like to know what Squid is trying to do before figuring out how to allow that.
socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 90
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EACCES (Permission denied)
I am using WCCP and TLS interception with Squid 4.0.24 release. Everything works as expected except auditd is getting spammed with denial messages.
type=AVC msg=audit(1543478005.027:49455970): avc: denied { getattr } for pid=13766 comm="squid" scontext=system_u:system_r:squid_t:s0 tcontext=system_u:system_r:squid_t:s0 tclass=netlink_socket
Any thoughts?