The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with squid. Different types allow you to configure flexible access:
This type is used for utilities such as cachemgr.cgi, which provides a variety of statistics about squid and its configuration.
Use this type for data that is cached by squid, as defined by the
. By default, files created in or copied into
are labeled with the
type. Files for the squidGuard
URL redirector plugin for
created in or copied to
are also labeled with the
type. Squid is only able to use files and directories that are labeled with this type for its cached data.
This type is used for the directories and files that squid uses for its configuration. Existing files, or those created in or copied to /usr/share/squid/ are labeled with this type, including error messages and icons.
This type is used for the squid binary,
This type is used for logs. Existing files, or those created in or copied to /var/log/squidGuard/ must be labeled with this type.
This type is used for the initialization file required to start squid which is located at
This type is used by files in /var/run/, especially the process id (PID) named /var/run/squid.pid which is created by squid when it runs.
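An added example, not part of the original documentation: a small Python model of the default-deny Type Enforcement check described at the start of this section, applied to `ls -Z` style labels to show why a file carrying the wrong type is unusable by squid. The rules, file names and type names (`squid_t`, `squid_log_t`, `squid_conf_t`, `user_home_t`) are constructed assumptions for illustration, not the contents of the shipped targeted policy.

```python
import re

# Constructed allow rules in policy syntax; illustrative, not the shipped policy.
SAMPLE_RULES = """
allow squid_t squid_log_t:file { append create getattr };
allow squid_t squid_conf_t:file { read getattr };
"""

# Constructed `ls -Z` output: old.log was moved in with mv and kept its old type.
SAMPLE_LS_Z = """
system_u:object_r:squid_log_t:s0 /var/log/squidGuard/squidGuard.log
unconfined_u:object_r:user_home_t:s0 /var/log/squidGuard/old.log
system_u:object_r:squid_conf_t:s0:c0.c1023 /usr/share/squid/errors/ERR_DNS_FAIL
"""

RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;")

def parse_rules(text):
    """Map (source domain, target type, object class) -> set of permissions."""
    rules = {}
    for src, tgt, cls, perm_set, single in RULE_RE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update((perm_set or single).split())
    return rules

def type_of(context):
    """Return the type field of user:role:type[:level]; the level may contain ':'."""
    fields = context.split(":", 3)
    if len(fields) < 3:
        raise ValueError(f"not a security context: {context!r}")
    return fields[2]

def allowed(rules, domain, target_type, cls, perm):
    """Default deny: access is granted only if a matching allow rule exists."""
    return perm in rules.get((domain, target_type, cls), set())

def audit(ls_z, rules, domain, cls, perm):
    """Return (path, type, allowed) for every labelled path in `ls -Z` output."""
    results = []
    for line in ls_z.strip().splitlines():
        context, path = line.split(None, 1)
        ftype = type_of(context)
        results.append((path, ftype, allowed(rules, domain, ftype, cls, perm)))
    return results

if __name__ == "__main__":
    for path, ftype, ok in audit(SAMPLE_LS_Z, parse_rules(SAMPLE_RULES), "squid_t", "file", "getattr"):
        print(f"{'allow' if ok else 'DENY '} squid_t -> {ftype:<14} {path}")
```

The file reported as denied sits in the right directory but carries a type for which the sample rule set has no `allow` entry, which is the situation relabeling corrects.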