19.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with Squid. Different types allow you to configure flexible access:
httpd_squid_script_exec_t
- This type is used for utilities such as cachemgr.cgi, which provides a variety of statistics about Squid and its configuration.
squid_cache_t
- Use this type for data that is cached by Squid, as defined by the cache_dir directive in /etc/squid/squid.conf. By default, files created in or copied into the /var/cache/squid/ and /var/spool/squid/ directories are labeled with the squid_cache_t type. Files for the squidGuard URL redirector plug-in for squid created in or copied to the /var/squidGuard/ directory are also labeled with the squid_cache_t type. Squid is only able to use files and directories that are labeled with this type for its cached data.
squid_conf_t
- This type is used for the directories and files that Squid uses for its configuration. Existing files, or those created in or copied to the /etc/squid/ and /usr/share/squid/ directories are labeled with this type, including error messages and icons.
squid_exec_t
- This type is used for the squid binary, /usr/sbin/squid.
squid_log_t
- This type is used for logs. Existing files, or those created in or copied to /var/log/squid/ or /var/log/squidGuard/ must be labeled with this type.
squid_initrc_exec_t
- This type is used for the initialization file required to start squid, which is located at /etc/rc.d/init.d/squid.
squid_var_run_t
- This type is used by files in the /var/run/ directory, especially the process ID (PID) file, /var/run/squid.pid, which is created by Squid when it runs.
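The default labels listed above can be checked mechanically. The following script is an added example, not part of the Red Hat documentation: it compares each file's SELinux type with the type this section gives for its location. The function names, the `MISLABELED` output format and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit Squid file labels against the defaults in this section.

# Print the default type listed for a path; fail if the path is not covered.
# Assumption: each directory itself is expected to carry the same type as its
# contents. cachemgr.cgi is omitted because the section gives no path for it.
expected_squid_type() {
    case "$1" in
        /var/cache/squid|/var/cache/squid/*)       echo squid_cache_t ;;
        /var/spool/squid|/var/spool/squid/*)       echo squid_cache_t ;;
        /var/squidGuard|/var/squidGuard/*)         echo squid_cache_t ;;
        /etc/squid|/etc/squid/*)                   echo squid_conf_t ;;
        /usr/share/squid|/usr/share/squid/*)       echo squid_conf_t ;;
        /usr/sbin/squid)                           echo squid_exec_t ;;
        /var/log/squid|/var/log/squid/*)           echo squid_log_t ;;
        /var/log/squidGuard|/var/log/squidGuard/*) echo squid_log_t ;;
        /etc/rc.d/init.d/squid)                    echo squid_initrc_exec_t ;;
        /var/run/squid.pid)                        echo squid_var_run_t ;;
        *) return 1 ;;
    esac
}

# Extract the type, the third colon-separated field of a context such as
# system_u:object_r:squid_cache_t:s0 (the trailing level may contain colons).
context_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Read "CONTEXT PATH" lines on stdin, the format of: stat -c '%C %n' FILE...
# Print one line per mislabeled path; exit status is non-zero if any was found.
audit_squid_labels() (
    bad=0
    while read -r ctx path; do
        want=$(expected_squid_type "$path") || continue  # not a Squid path
        have=$(context_type "$ctx")
        if [ "$have" != "$want" ]; then
            echo "MISLABELED $path: has $have, expected $want"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample input, not captured from a real system.
SAMPLE='system_u:object_r:squid_cache_t:s0 /var/cache/squid/00/00/0000001A
unconfined_u:object_r:user_home_t:s0 /etc/squid/squid.conf
system_u:object_r:squid_log_t:s0 /var/log/squid/access.log
unconfined_u:object_r:var_log_t:s0 /var/log/squidGuard/squidGuard.log
system_u:object_r:etc_t:s0 /etc/hosts'

printf '%s\n' "$SAMPLE" | audit_squid_labels || echo "relabeling needed"
```

On a live system the input can come from `find /etc/squid /var/cache/squid /var/log/squid -exec stat -c '%C %n' {} +`, and a reported mismatch is normally corrected with `restorecon`.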