[users] clamav/clamd selinux problems

Roger Håkansson hson at ludd.luth.se
Thu Nov 29 19:47:55 CET 2007


Jan-Frode Myklebust wrote:
> On 7/20/07, Dag Wieers <dag at wieers.com> wrote:
> 
>>>> The more it is being discussed, the sooner I will have something that
>>>> I'm confident in.
> 
> OK, some more data on what we needed to do to get amavisd-new clamav
> and postfix working together on RHEL5 with selinux in default targeted
> mode.
> 
> - In /etc/clamd.conf, set DatabaseDirectory /var/lib/clamav
> - Move /var/clamav to /var/lib/clamav and make sure file context are
> correct by "restorecon /var/lib/clamav
> - In /etc/clamd.conf, set LocalSocketLocalSocket /var/spool/amavisd/clamd.sock
> - Create the dir for this socket, writeable by group amavis (which
> includes user clamav):
>      mkdir /var/spool/amavisd/ ; chown amavis:amavis /var/spool/amavisd/
>      chmod g+w /var/spool/amavisd/ ; restorecon /var/spool/amavisd

Now, this is a late follow-up, but....

I'm new to the list (got here trying to find some info on how to solve 
the selinux/clamd-problem), but in my mind it seems like a bad idea to 
create a dependency between clamd and amavisd.
Sure, if you are running both it might seem like a good idea to have the 
clamd-socket in /var/spool/amavisd, but for those of us who don't use 
amavisd at all, its just silly to have a directory created which have 
nothing to do with clamd (not to speak of the fact that the user and 
group which would own the directory doesn't exist either).
/var/run/clamav/clamd.sock seems like a more appropriate place to put 
the socket.


--
Roger Håkansson

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3299 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.repoforge.org/pipermail/users/attachments/20071129/e27cc367/attachment-0004.bin>


More information about the users mailing list