Updates to clamav [patch]

Russell Coker russell at coker.com.au
Fri Apr 22 08:05:24 UTC 2005


On Friday 15 April 2005 07:35, David Hampton <hampton-rh at rainbolthampton.net> 
wrote:
> The attached patch updates the (unused) clamav policy to work with the
> changes in the FC strict/1.23.10-2 policy.  It also fixes an access
> problem with the clamd socket.

+allow freshclam_t http_port_t:tcp_socket name_connect;

The attribute web_client_domain should grant such access.  Probably the policy 
related to the web_client_domain attribute hasn't been updated.

+# Pid files for freshclam
+allow initrc_t clamd_var_run_t:file { create setattr };

What's happening there?  Is the initrc script trying to create and chown the 
file and then setuid to the clamav user before starting the daemon?

While we're at it we should rename clamd_sock_t to clamd_var_run_t.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page




More information about the fedora-selinux-list mailing list