[users] clamav/clamd selinux problems

Dag Wieers dag at wieers.com
Fri Jul 20 08:47:08 CEST 2007


On Thu, 19 Jul 2007, Jan-Frode Myklebust wrote:

> Instead of modifying the selinux policy, I think it would be much better to
> fix the clamd (and the RPM) to use /var/lib/clamav as it's DatabaseDirectory
> (instead of /var/clamav), and use /var/spool/amavisd/clamd.sock as
> LocalSocket (instead of /tmp/clamd.socket). Then the clamd process would be
> properly contained by the RHEL5 selinux policy.

That is a very sensible solution, yes. The problem however is to migrate 
clamav users away from the previous setup.


> Quoted in full since it's over a month old :-)

Yeah, I'm still not certain about the path I should follow for 
implementing this. So I'd prefer to hold off instead of implementing 
something that works for someone without understanding the ramifications.

The more it is being discussed, the sooner I will have something that I'm 
confident in.

--   dag wieers,  dag at wieers.com,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]



More information about the users mailing list