The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with Squid. Different types allow you to configure flexible access:
This type is used for utilities such as cachemgr.cgi, which provides a variety of statistics about Squid and its configuration.
Use this type for data that is cached by Squid, as defined by the . By default, files created in or copied into the directories are labeled with the type. Files for the squidGuard URL redirector plug-in for created in or copied to the directory are also labeled with the type. Squid is only able to use files and directories that are labeled with this type for its cached data.
This type is used for the directories and files that Squid uses for its configuration. Existing files, or those created in or copied to the /usr/share/squid/ directories are labeled with this type, including error messages and icons.
This type is used for the
This type is used for logs. Existing files, or those created in or copied to /var/log/squidGuard/ must be labeled with this type.
This type is used for the initialization file required to start squid, which is located at
This type is used by files in the /var/run/ directory, especially the process ID (PID) file named /var/run/squid.pid, which is created by Squid when it runs.
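Because Squid can only use files that carry the expected type, a file moved into one of these directories with its old label is a common cause of denials. The following added example (not part of the original documentation) parses `ls -Z` output and reports files whose type does not match the one expected for their path. The type names are assumptions taken from the SELinux reference policy's squid module, and the sample listing is constructed.

```python
# ASSUMPTION: type names are from the SELinux reference policy's squid module;
# the paths are the ones named in the text above.
EXPECTED_TYPES = {
    "/usr/share/squid/": "squid_conf_t",
    "/var/log/squidGuard/": "squid_log_t",
    "/var/run/squid.pid": "squid_var_run_t",
}

# Constructed `ls -Z` output, not captured from a real host.
SAMPLE_LS_Z = """\
system_u:object_r:squid_conf_t:s0 /usr/share/squid/errors/en/ERR_DNS_FAIL
system_u:object_r:squid_log_t:s0 /var/log/squidGuard/squidGuard.log
unconfined_u:object_r:user_home_t:s0 /var/log/squidGuard/blocked.log
system_u:object_r:squid_var_run_t:s0 /var/run/squid.pid
system_u:object_r:etc_t:s0 /etc/hosts
"""

def parse_ls_z_line(line):
    """Return (type, path) from one `ls -Z` line, or None if it has no context."""
    tokens = line.split()
    # A context is user:role:type:level; the level may itself contain colons.
    context = next((t for t in tokens if t.count(":") >= 3), None)
    if context is None:
        return None
    return context.split(":", 3)[2], tokens[-1]

def expected_type(path, table=EXPECTED_TYPES):
    """Longest-prefix match of path against the expected-type table."""
    matches = [p for p in table
               if path == p or (p.endswith("/") and path.startswith(p))]
    return table[max(matches, key=len)] if matches else None

def find_mislabeled(ls_z_output, table=EXPECTED_TYPES):
    """List (path, actual_type, expected_type) for every mismatch."""
    findings = []
    for line in ls_z_output.splitlines():
        parsed = parse_ls_z_line(line)
        if parsed is None:
            continue
        actual, path = parsed
        want = expected_type(path, table)
        if want is not None and actual != want:
            findings.append((path, actual, want))
    return findings

if __name__ == "__main__":
    for path, actual, want in find_mislabeled(SAMPLE_LS_Z):
        print(f"{path}: labeled {actual}, expected {want}")
```

A reported mismatch is normally repaired by running `restorecon -Rv` on the affected directory, which resets labels to the policy's file-context defaults.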