[users] clamav/clamd selinux problems
Dag Wieers
dag at wieers.com
Fri Jul 20 08:47:08 CEST 2007
On Thu, 19 Jul 2007, Jan-Frode Myklebust wrote:
> Instead of modifying the selinux policy, I think it would be much better to
> fix the clamd (and the RPM) to use /var/lib/clamav as it's DatabaseDirectory
> (instead of /var/clamav), and use /var/spool/amavisd/clamd.sock as
> LocalSocket (instead of /tmp/clamd.socket). Then the clamd process would be
> properly contained by the RHEL5 selinux policy.
That is a very sensible solution, yes. The problem however is to migrate
clamav users away from the previous setup.
> Quoted in full since it's over a month old :-)
Yeah, I'm still not certain about the path I should follow for
implementing this. So I'd prefer to hold off instead of implementing
something that works for someone without understanding the ramifications.
The more it is being discussed, the sooner I will have something that I'm
confident in.
-- dag wieers, dag at wieers.com, http://dag.wieers.com/ --
[Any errors in spelling, tact or fact are transmission errors]
More information about the users
mailing list