[users] clamav/clamd selinux problems
Rodrigo Barbosa
rodrigob at darkover.org
Thu Jun 14 18:52:07 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
While trying to use rf's packages for clamav/clamd on a CentOS 5
box with selinux (targeted) enabled, I ran into several problems.
These problems where solved with the following type enforcement file.
Hope you find it useful.
===CUT===
module clamd 1.0.2;
require {
class dir { read search write add_name };
class file { read write create getattr lock };
class sock_file { create };
type auditd_log_t;
type clamd_t;
type semanage_t;
type sysctl_kernel_t;
type useradd_t;
type var_log_t;
type var_t;
type tmp_t;
role system_r;
};
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow semanage_t auditd_log_t:dir search;
allow useradd_t var_log_t:file { read write };
allow clamd_t var_t:dir { read write add_name};
allow clamd_t tmp_t:sock_file create;
allow clamd_t var_t:file { create getattr lock write read };
===CUT===
- --
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFGcXI3pdyWzQ5b5ckRAmpHAJoDKbIRDSrrs7MveIN1d5nwvAt0vACcCWBx
JO5ro5sxw558iwv4h+96lo0=
=maxK
-----END PGP SIGNATURE-----
More information about the users
mailing list