Squid is blocked by selinux when ipv6 disabled using grubby on RHEL9.3

Solution Unverified - Updated -

Issue

  • After ipv6 disable using grubby, squid output the selinux block messges :

    localhost setroubleshoot[2497]: SELinux is preventing /usr/sbin/squid from module_request access on the system labeled 
kernel_t.#012#012*****  Plugin disable_ipv6 (53.1 confidence) suggests   **********************#012#012If you want to disable IPV6 on 
this machine#012Then you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not blacklist the module'#012Do#012add 
#012net.ipv6.conf.all.disable_ipv6 = 1#012to /etc/sysctl.conf#012#012#012*****  Plugin catchall_boolean (42.6 confidence) suggests   
******************#012#012If you want to allow domain to kernel load modules#012Then you must tell SELinux about this by enabling the 
'domain_kernel_load_modules' boolean.#012#012Do#012setsebool -P domain_kernel_load_modules 1#012#012*****  Plugin catchall (5.76 
confidence) suggests   **************************#012#012If you believe that squid should be allowed module_request access on system 
labeled kernel_t by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this 
access.#012Do#012allow this access for now by executing:#012# ausearch -c 'squid' --raw | audit2allow -M my-squid#012# semodule -X 300 
-i my-squid.pp#012

Environment

  • Red Hat Enterprise Linux 9.3
  • squid

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content