sudah mas, hasil nya ini: Summary:
SELinux is preventing the squid (squid_t) from executing wrapzap. Detailed Description: SELinux has denied the squid from executing wrapzap. If squid is supposed to be able to execute wrapzap, this could be a labeling problem. Most confined domains are allowed to execute files labeled bin_t. So you could change the labeling on this file to bin_t and retry the application. If this squid is not supposed to execute wrapzap, this could signal a intrusion attempt. Allowing Access: If you want to allow squid to execute wrapzap: chcon -t bin_t 'wrapzap' If this fix works, please update the file context on disk, with the following command: semanage fcontext -a -t bin_t 'wrapzap' Please specify the full path to the executable, Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy to make sure this becomes the default labeling. Additional Information: Source Context unconfined_u:system_r:squid_t:s0 Target Context unconfined_u:object_r:usr_t:s0 Target Objects wrapzap [ file ] Source squid Source Path /usr/sbin/squid Port <Unknown> Host localhost Source RPM Packages squid-3.0.STABLE13-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-39.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name execute Host Name localhost Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP Wed May 27 17:28:22 EDT 2009 i686 i686 Alert Count 155 First Seen Wed May 19 08:37:50 2010 Last Seen Wed May 19 09:13:07 2010 Local ID 5584bdec-a033-4766-993d-3d562a04a4e4 Line Numbers Raw Audit Messages node=localhost type=AVC msg=audit(1274235187.82:25439): avc: denied { execute } for pid=8528 comm="squid" name="wrapzap" dev=sda6 ino=94245 scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file node=localhost type=SYSCALL msg=audit(1274235187.82:25439): arch=40000003 syscall=11 success=no exit=-13 a0=2c666e0 a1=bffbe0e8 a2=2d36b88 a3=4000 items=0 ppid=8523 pid=8528 auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 sgid=23 fsgid=23 tty=(none) ses=1 comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null) end kalo selinux nya di disabled apa pengaruh nya mas? cara men disabled selinux gmana mas?? maaf, masih baru nyoba.. thank, bwt info nya mas ----- Original Message ----- From: "aditya hilman" <[email protected]> To: [email protected] Sent: Wednesday, May 19, 2010 2:54:05 PM GMT +07:00 Bangkok, Hanoi, Jakarta Subject: Re: [tanya-jawab] squish on fedora 11 2010/5/19 Adi Pane <[email protected]>: > ada yang punya tutorial untuk menerapkan penggunaan squish pada fedora 11? > > saya sudah coba dengan cara seperti ini: > > [r...@master root]# tar xzvf adzap-20080508.tar.gz –C /usr/local/squid > [r...@master root]# cd /usr/local/squid/adzap > [r...@master root]# cd scripts > [r...@master root]# vi wrapzap > Ubah parameter > zapper=/usr/local/squid/adzap/scripts/squid_redirect > [r...@master root]# cd /usr/local/squid/etc > [r...@master root]# vi squid.conf > tambahkan parameter dibawah ini > redirect_program /usr/local/squid/adzap/scripts/wrapzap > [r...@master root]# /usr/local/squid/sbin/squid –k reconfigure > > > tapi tetap aja gak bisa. > errornya: > #tail /var/log/messages > May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid > (squid_t) from executing wrapzap. For complete SELinux messages. run sealert > -l 5584bdec-a033-4766-993d-3d562a04a4e4 > May 19 09:13:00 localhost setroubleshoot: SELinux is preventing the squid > (squid_t) from executing wrapzap. For complete SELinux messages. run sealert > -l 5584bdec-a033-4766-993d-3d562a04a4e4 > May 19 09:13:03 localhost squid[8422]: Squid Parent: child process 8509 > started > May 19 09:13:03 localhost (squid): The redirector helpers are crashing too > rapidly, need help! > > > trus yang command "# /usr/local/squid/sbin/squid –k reconfigure" gak bisa > dijalankan > karena foldernya gak ada.. > apa dibuat manual? > > > help pliss.... > > > > > > -- > Adi Pane > [email protected] > > > -- > FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab > Unsubscribe: kirim email ke [email protected] > Arsip dan info milis selengkapnya di http://linux.or.id/milis > > sudah jalankan ini ? sealert -l 5584bdec-a033-4766-993d-3d562a04a4e4 nanti dikasih liat disuruh menjalankan apa.. Kalau selinux nya tidak ingin digunakan di disabled saja. -- Regards, Adit http://simplyaddo.web.id ym : science2rule hp : 08561749716 -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke [email protected] Arsip dan info milis selengkapnya di http://linux.or.id/milis -- Adi Pane [email protected] -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke [email protected] Arsip dan info milis selengkapnya di http://linux.or.id/milis
