[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SELinux interfering with clamav?

From: Edward Kuns <ekuns kilroy chi il us>
To: fedora-selinux-list redhat com
Subject: Re: SELinux interfering with clamav?
Date: Sun, 02 Mar 2008 23:40:17 -0600

It's taking a while to track down the full policy needed for
clamav-milter to be able to detect a virus and react fully, as I have to
wait until I receive a virus (sending out outgoing doesn't trigger the
same results).  Here is my current policy after a few rounds of adding
another incremental rule:

module myclamav 1.0;

require {
        type shell_exec_t;
        type sendmail_exec_t;
        type clamd_t;
        class file { execute getattr };
}

#============= clamd_t ==============
allow clamd_t sendmail_exec_t:file { execute getattr };
allow clamd_t shell_exec_t:file getattr;


It looks like clamav-milter is running /usr/sbin/sendmail.sendmail via a
bash script, but I haven't looked into the workings to really be sure.

           Eddie

-- 
Edward Kuns <ekuns kilroy chi il us>

References:
- Re: SELinux interfering with clamav?
  - From: Edward Kuns

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]