Ok, this seems to be pointing at a problem with the apparmor profile. I'll prepare an update for that.
This is the patch I will be using:
--- etc/apparmor.d/usr.sbin.squid
+++ etc/apparmor.d/usr.sbin.squid
@@ -3,7 +3,7 @@
# vim:syntax=apparmor
#include <tunables/global>
-/usr/sbin/squid {
+/usr/sbin/squid flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/kerberosclient>
#include <abstractions/nameservice>
@@ -18,6 +18,7 @@
# alternatively include the <abstractions/ssl_keys> abstraction, which
# gives read access to the entire contents of /etc/ssl
Ok, this seems to be pointing at a problem with the apparmor profile. I'll prepare an update for that.
This is the patch I will be using: d/usr.sbin. squid d/usr.sbin. squid
--- etc/apparmor.
+++ etc/apparmor.
@@ -3,7 +3,7 @@
# vim:syntax=apparmor
#include <tunables/global>
-/usr/sbin/squid { attach_ disconnected) { kerberosclient> nameservice> ssl_keys> abstraction, which
+/usr/sbin/squid flags=(
#include <abstractions/base>
#include <abstractions/
#include <abstractions/
@@ -18,6 +18,7 @@
# alternatively include the <abstractions/
# gives read access to the entire contents of /etc/ssl
+ capability net_admin,
capability net_raw,
capability setuid,
capability setgid,
If you want to try it, please change /etc/apparmor. d/usr.sbin. squid as per above, and reload it with this command:
sudo apparmor_parser -r -T -W /etc/apparmor. d/usr.sbin. squid