Re: [squid-users] Squid 3.1.10 CentOS : cache_swap_log (13) Permission Denied

From: Christophe Marchand <cmarchand_at_oxiane.com>
Date: Wed, 19 Dec 2012 13:41:21 +0100

Hum... it's difficult to understand...
After having deleted the cache_swap_log line and modified the cache_dir
to /drive/squid_guard, audit.log finishes with this:

type=AVC msg=audit(1355919099.367:139918): avc: denied { write } for
pid=1770 comm="squid" name="squid_cache" dev=dm-2 ino=3145729
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir
type=SYSCALL msg=audit(1355919099.367:139918): arch=c000003e syscall=2
success=no exit=-13 a0=7f01574b0200 a1=441 a2=1a4 a3=7fff254ad5a0
items=0 ppid=1742 pid=1770 auid=500 uid=0 gid=23 euid=23 suid=0 fsuid=23
egid=23 sgid=23 fsgid=23 tty=(none) ses=45 comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)

uid and gid are:
[root_at_proxy-new ~]# id root
uid=0(root) gid=0(root) groupes=0(root)
[root_at_proxy-new ~]# id squid
uid=23(squid) gid=23(squid) groupes=23(squid)

It seems that root:squid tries to get write access to squid_cache... or I
misunderstand...

So, I've chowned -R root:squid /drive/squid_cache, and the results are now:
[root_at_proxy-new drive]# ls -al /drive/
total 28
drwxr-xr-x. 4 root root 4096 18 déc. 10:23 .
dr-xr-xr-x. 27 root root 4096 18 déc. 11:29 ..
drwx------. 2 root root 16384 18 déc. 08:41 lost+found
drwxr-xr-x. 66 root squid 4096 18 déc. 10:31 squid_cache

cache.log :
2012/12/19 13:33:01| Starting Squid Cache version 3.1.10 for
x86_64-redhat-linux-gnu...
2012/12/19 13:33:01| Process ID 2144
2012/12/19 13:33:01| With 1024 file descriptors available
2012/12/19 13:33:01| Initializing IP Cache...
2012/12/19 13:33:01| DNS Socket created at [::], FD 7
2012/12/19 13:33:01| DNS Socket created at 0.0.0.0, FD 8
2012/12/19 13:33:01| Adding domain lan from /etc/resolv.conf
2012/12/19 13:33:01| Adding domain lan from /etc/resolv.conf
2012/12/19 13:33:01| Adding nameserver 192.168.1.254 from /etc/resolv.conf
2012/12/19 13:33:01| User-Agent logging is disabled.
2012/12/19 13:33:01| Referer logging is disabled.
2012/12/19 13:33:01| Unlinkd pipe opened on FD 12
2012/12/19 13:33:01| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2012/12/19 13:33:01| Store logging disabled
2012/12/19 13:33:01| Swap maxSize 352321536 + 1048576 KB, estimated
27182316 objects
2012/12/19 13:33:01| Target number of buckets: 1359115
2012/12/19 13:33:01| Using 2097152 Store buckets
2012/12/19 13:33:01| Max Mem size: 1048576 KB
2012/12/19 13:33:01| Max Swap size: 352321536 KB
2012/12/19 13:33:01| /drive/squid_cache/swap.state: (13) Permission denied
FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
Squid Cache (Version 3.1.10): Terminated abnormally.
CPU Usage: 0.018 seconds = 0.017 user + 0.001 sys
Maximum Resident Size: 36832 KB
Page faults with physical i/o: 0

audit.log :
No change...

Best regards,
Christophe

On 19/12/2012 10:36, John Doe wrote:
> From: Christophe Marchand <cmarchand_at_oxiane.com>
>
>> I have the following problem : when I do not declare a cache dir, my squid
>> starts correctly and runs perfectly. When I uncomment the cache_dir line, it
>> fails with this message :
>> 2012/12/18 11:31:18| /var/cache/squid/.00: (13) Permission denied
>> FATAL: commonUfsDirOpenSwapLog: Failed to open swap log.
>>
>> My squid.conf is :
>> cache_dir aufs /drive/squid_cache/ 344064 64 64
>> coredump_dir /var/spool/squid
>> access_log none
>> cache_store_log none
>> cache_swap_log /var/cache/squid/
>>
>> ls -al /var/cache returns this :
>> drwxrw-r--. 2 squid squid 4096 18 déc. 10:56 squid
>>
>> ps -ef | grep squid does not show a squid running
> Is SElinux enabled...?
> If so, checked in /var/log/audit/audit.log ?
>
> JD
>
Received on Wed Dec 19 2012 - 12:41:25 MST
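
An added example, not part of the original message or of Squid: a small parser that joins the AVC record quoted above to its SYSCALL record by audit serial and pulls out the SELinux types, object class and errno involved. The function names (fields, parse_events, explain) are hypothetical; the input is the two records from the message, unwrapped.

```python
import errno
import re

# Input: the two audit records quoted in the message, one record per line.
SAMPLE = (
    'type=AVC msg=audit(1355919099.367:139918): avc: denied { write } for '
    'pid=1770 comm="squid" name="squid_cache" dev=dm-2 ino=3145729 '
    'scontext=unconfined_u:system_r:squid_t:s0 '
    'tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir\n'
    'type=SYSCALL msg=audit(1355919099.367:139918): arch=c000003e syscall=2 '
    'success=no exit=-13 a0=7f01574b0200 a1=441 a2=1a4 a3=7fff254ad5a0 '
    'items=0 ppid=1742 pid=1770 auid=500 uid=0 gid=23 euid=23 suid=0 fsuid=23 '
    'egid=23 sgid=23 fsgid=23 tty=(none) ses=45 comm="squid" '
    'exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)\n'
)
HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Turn 'k=v k="v w"' pairs into a dict, dropping the quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def parse_events(log):
    """Group records by audit serial so an AVC is joined to its SYSCALL."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line.strip())
        if m:
            rtype, serial, body = m.groups()
            events.setdefault(serial, {})[rtype] = body
    return events

def explain(event):
    """Summarise one denial: who (type), on what (type/class), which errno."""
    result, perms, rest = AVC.match(event['AVC']).groups()
    avc, sc = fields(rest), fields(event.get('SYSCALL', ''))
    code = -int(sc['exit']) if 'exit' in sc else None
    return {
        'result': result, 'perms': perms.split(), 'name': avc['name'],
        'source_type': avc['scontext'].split(':')[2],   # process domain
        'target_type': avc['tcontext'].split(':')[2],   # label on the object
        'tclass': avc['tclass'],
        'errno': errno.errorcode.get(code), 'fsuid': sc.get('fsuid'),
    }

if __name__ == '__main__':
    for serial, ev in parse_events(SAMPLE).items():
        print(serial, explain(ev))
```

The denial recorded here is between the squid_t domain and a directory labelled etc_runtime_t, and chown does not alter SELinux labels. In the CentOS targeted policy the type defined for Squid's cache directories is squid_cache_t.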
