[users] clamav/clamd selinux problems

Rodrigo Barbosa rodrigob at darkover.org
Thu Jun 14 18:52:07 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

While trying to use rf's packages for clamav/clamd on a CentOS 5
box with selinux (targeted) enabled, I ran into several problems.

These problems where solved with the following type enforcement file.
Hope you find it useful.

===CUT===
module clamd 1.0.2;

require {
        class dir { read search write add_name };
        class file { read write create getattr lock };
        class sock_file { create };
        type auditd_log_t;
        type clamd_t;
        type semanage_t;
        type sysctl_kernel_t;
        type useradd_t;
        type var_log_t;
        type var_t;
        type tmp_t;
        role system_r;
};

allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow semanage_t auditd_log_t:dir search;
allow useradd_t var_log_t:file { read write };
allow clamd_t var_t:dir { read write add_name};
allow clamd_t tmp_t:sock_file create;
allow clamd_t var_t:file { create getattr lock write read };
===CUT===

- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGcXI3pdyWzQ5b5ckRAmpHAJoDKbIRDSrrs7MveIN1d5nwvAt0vACcCWBx
JO5ro5sxw558iwv4h+96lo0=
=maxK
-----END PGP SIGNATURE-----



More information about the users mailing list