[users] clamav/clamd selinux problems
Roger Håkansson
hson at ludd.luth.se
Thu Nov 29 19:47:55 CET 2007
Jan-Frode Myklebust wrote:
> On 7/20/07, Dag Wieers <dag at wieers.com> wrote:
>
>>>> The more it is being discussed, the sooner I will have something that
>>>> I'm confident in.
>
> OK, some more data on what we needed to do to get amavisd-new clamav
> and postfix working together on RHEL5 with selinux in default targeted
> mode.
>
> - In /etc/clamd.conf, set DatabaseDirectory /var/lib/clamav
> - Move /var/clamav to /var/lib/clamav and make sure file context are
> correct by "restorecon /var/lib/clamav
> - In /etc/clamd.conf, set LocalSocketLocalSocket /var/spool/amavisd/clamd.sock
> - Create the dir for this socket, writeable by group amavis (which
> includes user clamav):
> mkdir /var/spool/amavisd/ ; chown amavis:amavis /var/spool/amavisd/
> chmod g+w /var/spool/amavisd/ ; restorecon /var/spool/amavisd
Now, this is a late follow-up, but....
I'm new to the list (got here trying to find some info on how to solve
the selinux/clamd-problem), but in my mind it seems like a bad idea to
create a dependency between clamd and amavisd.
Sure, if you are running both it might seem like a good idea to have the
clamd-socket in /var/spool/amavisd, but for those of us who don't use
amavisd at all, its just silly to have a directory created which have
nothing to do with clamd (not to speak of the fact that the user and
group which would own the directory doesn't exist either).
/var/run/clamav/clamd.sock seems like a more appropriate place to put
the socket.
--
Roger Håkansson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3299 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.rpmforge.net/pipermail/users/attachments/20071129/e27cc367/smime.bin
More information about the users
mailing list