The new location of the PID file needs to be added in the bundled
apparmor profile. Without it starting the service will fail with
something like this:
--
AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/squid"
name="/run/squid/squid.pid" pid=64342 comm="squid" requested_mask="c"
denied_mask="c" fsuid=0 ouid=0
...
FATAL: failed to open /run/squid/squid.pid: (13) Permission denied
--
Trivial patch attached.
--- /etc/apparmor.d/usr.sbin.squid.old 2020-05-04 09:57:54.000000000 -0700
+++ /etc/apparmor.d/usr.sbin.squid 2020-05-05 23:44:22.227744533 -0700
@@ -37,7 +37,7 @@
# squid configuration
/etc/squid/** r,
- /{,var/}run/squid.pid rwk,
+ /{,var/}run/{,squid/}squid.pid rwk,
/var/spool/squid{,3}/ r,
/var/spool/squid{,3}/** rwk,
/usr/lib/squid{,3}/* rmix,
