[users] clamav/clamd selinux problems
Rodrigo Barbosa
rodrigob at darkover.org
Thu Jun 14 18:58:01 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Jun 14, 2007 at 01:52:07PM -0300, Rodrigo Barbosa wrote:
> While trying to use rf's packages for clamav/clamd on a CentOS 5
> box with selinux (targeted) enabled, I ran into several problems.
>
> These problems where solved with the following type enforcement file.
> Hope you find it useful.
>
> ===CUT===
> module clamd 1.0.2;
Ok, sorry about that. That te file still didn't solve all the problems
(freshclam this time). New one:
module clamd 1.0.5;
require {
class dir { read search write add_name remove_name};
class file { read write create getattr lock unlink };
class sock_file { create unlink write };
type auditd_log_t;
type clamd_t;
type semanage_t;
type sysctl_kernel_t;
type useradd_t;
type var_log_t;
type var_t;
type tmp_t;
role system_r;
};
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow semanage_t auditd_log_t:dir search;
allow useradd_t var_log_t:file { read write };
allow clamd_t var_t:file { create getattr lock write read unlink };
allow clamd_t var_t:dir { read write add_name remove_name};
allow clamd_t tmp_t:sock_file { create unlink write };
- --
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFGcXOZpdyWzQ5b5ckRAo5aAJ9eie8c013mYILRTR0b7+G3JtnveACgmBkt
vCNdauWBoeYrsOQQBpVS3JI=
=zQ6t
-----END PGP SIGNATURE-----
More information about the users
mailing list