19.2. Types

The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with Squid. Different types allow you to configure flexible access:
httpd_squid_script_exec_t
This type is used for utilities such as cachemgr.cgi, which provides a variety of statistics about Squid and its configuration.
squid_cache_t
Use this type for data that is cached by Squid, as defined by the cache_dir directive in /etc/squid/squid.conf. By default, files created in or copied into the /var/cache/squid/ and /var/spool/squid/ directories are labeled with the squid_cache_t type. Files for the squidGuard URL redirector plug-in for squid created in or copied to the /var/squidGuard/ directory are also labeled with the squid_cache_t type. Squid is only able to use files and directories that are labeled with this type for its cached data.
squid_conf_t
This type is used for the directories and files that Squid uses for its configuration. Existing files, or those created in or copied to the /etc/squid/ and /usr/share/squid/ directories are labeled with this type, including error messages and icons.
squid_exec_t
This type is used for the squid binary, /usr/sbin/squid.
squid_log_t
This type is used for logs. Existing files, or those created in or copied to /var/log/squid/ or /var/log/squidGuard/ must be labeled with this type.
squid_initrc_exec_t
This type is used for the initialization file required to start squid which is located at /etc/rc.d/init.d/squid.
squid_var_run_t
This type is used by files in the /var/run/ directory, especially the process id (PID) named /var/run/squid.pid which is created by Squid when it runs.