[users] clamav/clamd selinux problems

Rodrigo Barbosa rodrigob at darkover.org
Thu Jun 14 18:58:01 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Jun 14, 2007 at 01:52:07PM -0300, Rodrigo Barbosa wrote:
> While trying to use rf's packages for clamav/clamd on a CentOS 5
> box with selinux (targeted) enabled, I ran into several problems.
> 
> These problems were solved with the following type enforcement file.
> Hope you find it useful.
> 
> ===CUT===
> module clamd 1.0.2;

Ok, sorry about that. That te file still didn't solve all the problems
(freshclam this time). New one:

module clamd 1.0.5;

require {
        class dir { read search write add_name remove_name };
        class file { read write create getattr lock unlink };
        class sock_file { create unlink write };
        type auditd_log_t;
        type clamd_t;
        type semanage_t;
        type sysctl_kernel_t;
        type useradd_t;
        type var_log_t;
        type var_t;
        type tmp_t;
        role system_r;
};

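# clamd: read kernel sysctls (/proc/sys/kernel)
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
# semanage: search the audit log directory
allow semanage_t auditd_log_t:dir search;
# useradd: read and write files labelled var_log_t
allow useradd_t var_log_t:file { read write };
# clamd: manage files and directory entries labelled var_t
allow clamd_t var_t:file { create getattr lock write read unlink };
allow clamd_t var_t:dir { read write add_name remove_name };
# clamd: create, write to and remove a socket file labelled tmp_t
allow clamd_t tmp_t:sock_file { create unlink write };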

- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGcXOZpdyWzQ5b5ckRAo5aAJ9eie8c013mYILRTR0b7+G3JtnveACgmBkt
vCNdauWBoeYrsOQQBpVS3JI=
=zQ6t
-----END PGP SIGNATURE-----
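
A hand-edited type enforcement file like the one in this message only compiles if every type, class and permission used in an `allow` rule is also declared in its `require` block. The check below is an added example, not part of the original message: `check_te` and `SAMPLE_TE` are constructed for illustration, and only plain `allow` rules are handled.

```python
import re

# Constructed sample: a shortened copy of the module from the message, with
# "unlink" deliberately left out of the sock_file class declaration.
SAMPLE_TE = """
module clamd 1.0.5;
require {
        class dir { read search write add_name remove_name };
        class file { read write create getattr lock unlink };
        class sock_file { create write };
        type clamd_t;
        type sysctl_kernel_t;
        type var_t;
        type tmp_t;
};
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t var_t:file { create getattr lock write read unlink };
allow clamd_t tmp_t:sock_file { create unlink write };
"""

ITEM = r"(\{[^}]*\}|\w+)"  # a single name or a brace-enclosed set of names
ALLOW_RE = rf"\ballow\s+{ITEM}\s+{ITEM}\s*:\s*{ITEM}\s+{ITEM}\s*;"

def _names(text):
    """Split 'a' or '{ a b c }' into a set of names."""
    return set(text.replace("{", " ").replace("}", " ").split())

def check_te(te_text):
    """Return sorted names used in allow rules but missing from require."""
    text = re.sub(r"#.*", "", te_text)  # drop comments
    types = set()
    for decl in re.findall(r"\btype\s+([\w\s,]+);", text):
        types |= set(decl.replace(",", " ").split())
    perms = {}
    for cls, plist in re.findall(rf"\bclass\s+(\w+)\s+{ITEM}\s*;", text):
        perms.setdefault(cls, set()).update(_names(plist))
    missing = set()
    for src, tgt, classes, plist in re.findall(ALLOW_RE, text):
        for t in (_names(src) | _names(tgt)) - types - {"self"}:
            missing.add("type " + t)
        for cls in _names(classes):
            if cls not in perms:
                missing.add("class " + cls)
                continue
            for perm in _names(plist) - perms[cls]:
                missing.add(f"{cls}:{perm}")
    return sorted(missing)

if __name__ == "__main__":
    print(check_te(SAMPLE_TE))
```
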


