Unable to start the squid service in Red Hat Satellite 6
Environment
- Red Hat Satellite 6
- Red Hat Capsule 6
Issue
-
The attempt of starting the squid service fails everytime in Red Hat Satellite 6 . The following messages are being displayed while checking the status of the squid service.
* squid.service - Squid caching proxy Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2021-10-27 11:47:39 EDT; 3min 24s ago Process: 11901 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS) Process: 11895 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS) Main PID: 11904 (code=exited, status=1/FAILURE) Oct 27 11:47:35 satellite.example.com (squid-1)[12045]: I don't handle this error well! Oct 27 11:47:35 satellite.example.com squid[11904]: Squid Parent: (squid-1) process 12045 exited with status 1 Oct 27 11:47:38 satellite.example.com squid[11904]: Squid Parent: (squid-1) process 12053 started Oct 27 11:47:39 satellite.example.com (squid-1)[12053]: I don't handle this error well! Oct 27 11:47:39 satellite.example.com squid[11904]: Squid Parent: (squid-1) process 12053 exited with status 1 Oct 27 11:47:39 satellite.example.com squid[11904]: Squid Parent: (squid-1) process 12053 will not be restarted due to repeated, frequent failures Oct 27 11:47:39 satellite.example.com squid[11904]: Exiting due to repeated, frequent failures Oct 27 11:47:39 satellite.example.com systemd[1]: squid.service: main process exited, code=exited, status=1/FAILURE Oct 27 11:47:39 satellite.example.com systemd[1]: Unit squid.service entered failed state. Oct 27 11:47:39 satellite.example.com systemd[1]: squid.service failed.
Resolution
-
Ensure that the directory
/var/log/squidand it's underlying files have the correct permissions, ownership and SELinux context set as displayed below.# ls -ldZ /var/log/squid /var/log/squid/* drwxr-x---. squid squid system_u:object_r:squid_log_t:s0 /var/log/squid -rw-r-----. squid squid system_u:object_r:squid_log_t:s0 /var/log/squid/access.log -rw-r-----. squid squid unconfined_u:object_r:squid_log_t:s0 /var/log/squid/cache.log -rw-r--r--. root root system_u:object_r:squid_log_t:s0 /var/log/squid/squid.out-
If the SELinux context of the
/var/log/squiddirectory is found to be set incorrectly, execute the following commands to fix the same and start back the squid service.# semanage fcontext -a -t squid_log_t "/var/log/squid(/.*)?" # restorecon -R -v /var/log/squid # systemctl restart squid # systemctl status squid -l
-
Root Cause
- An incorrect SELinux context was set to the /var/log/squid/ directory and some of its underlying files.
Diagnostic Steps
-
Following errors were noticed in the
/var/log/messagesfile of the Satellite server while restarting the squid service.Oct 29 11:48:17 satellite systemd: Starting Squid caching proxy... Oct 29 11:48:18 satellite squid: **WARNING: Cannot write log file: /var/log/squid/cache.log** Oct 29 11:48:18 satellite squid: /var/log/squid/cache.log: Permission denied Oct 29 11:48:18 satellite squid: messages will be sent to 'stderr'. Oct 29 11:48:18 satellite kernel: type=1400 audit(1635522498.030:457749): avc: denied { read } for pid=7948 comm="squid" name="cache.log" dev="dm-3" ino=2178 scontext=system_u:system_r:squid_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0 -
After investigating the file
/var/log/squid/cache.logit was observed thatSELinux contextfor the file was set incorrectly i.e. var_log_t but the expected is squid_log_t .# ls -lZ /var/log/squid/cache.log -rwxrw----. squid squid system_u:object_r:var_log_t:s0 /var/log/squid/cache.log
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments