8.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with squid. Different types allow you to configure flexible access:
httpd_squid_script_exec_t
- This type is used for utilities such as cachemgr.cgi, which provides a variety of statistics about squid and its configuration.
squid_cache_t
- Use this type for data that is cached by squid, as defined by the cache_dir directive in /etc/squid/squid.conf. By default, files created in or copied into /var/cache/squid/ and /var/spool/squid/ are labeled with the squid_cache_t type. Files for the squidGuard URL redirector plugin for squid created in or copied to /var/squidGuard/ are also labeled with the squid_cache_t type. Squid is only able to use files and directories that are labeled with this type for its cached data.
squid_conf_t
- This type is used for the directories and files that squid uses for its configuration. Existing files, or those created in or copied to /etc/squid/ and /usr/share/squid/, are labeled with this type, including error messages and icons.
squid_exec_t
- This type is used for the squid binary, /usr/sbin/squid.
squid_log_t
- This type is used for logs. Existing files, or those created in or copied to /var/log/squid/ or /var/log/squidGuard/, must be labeled with this type.
squid_initrc_exec_t
- This type is used for the initialization file required to start squid, which is located at /etc/rc.d/init.d/squid.
squid_var_run_t
- This type is used by files in /var/run/, especially the process ID (PID) file named /var/run/squid.pid, which is created by squid when it runs.
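Because squid can only use directories labeled squid_cache_t for cached data, a cache_dir outside the default locations needs that label before squid can write to it. The script below is an added example, not part of the original documentation: it reads the cache_dir directives from a squid.conf and checks each directory's type. The function names and the /srv/squid-cache path are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that every squid cache_dir carries the squid_cache_t type.

# Constructed sample squid.conf fragment (not taken from a real host).
SAMPLE_CONF='# cache_dir ufs /var/spool/squid 100 16 256
cache_dir ufs /srv/squid-cache 2048 16 256
http_port 3128'

# Print the directory of each active cache_dir line read from stdin.
# Directive syntax: cache_dir <store-type> <directory> <options...>
cache_dirs_from_conf() {
    awk '$1 == "cache_dir" && NF >= 3 { print $3 }'
}

# Extract the type (third colon-separated field) from an SELinux context
# such as system_u:object_r:squid_cache_t:s0.
type_of_context() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare a context with the expected type. Args: path context expected_type.
# Prints one result line; returns non-zero on mismatch.
check_label() {
    cl_actual=$(type_of_context "$2")
    if [ "$cl_actual" = "$3" ]; then
        echo "OK $1 $cl_actual"
    else
        echo "MISMATCH $1 $cl_actual (expected $3)"
        return 1
    fi
}

# Print the commands that add a persistent labeling rule and relabel a directory.
fix_commands() {
    echo "semanage fcontext -a -t squid_cache_t \"$1(/.*)?\""
    echo "restorecon -Rv $1"
}

# Audit the cache directories of a squid.conf on an SELinux-enabled host.
# stat -c %C prints the SELinux context of a file (GNU coreutils).
audit_cache_dirs() {
    ac_rc=0
    for ac_dir in $(cache_dirs_from_conf < "$1"); do
        check_label "$ac_dir" "$(stat -c %C "$ac_dir")" squid_cache_t || {
            fix_commands "$ac_dir"; ac_rc=1; }
    done
    return $ac_rc
}
```

On an SELinux-enabled host, source the file and run `audit_cache_dirs /etc/squid/squid.conf`; for each mismatched directory it prints the semanage and restorecon commands to review and run as root.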