Partitions Mounted by fstab
Arthur Dent
selinux.list at troodos.demon.co.uk
Thu Mar 6 15:46:28 UTC 2008
On Thu, Mar 06, 2008 at 10:23:53AM -0500, Stephen Smalley wrote:
>
> > # cat myclamd.te
> > policy_module(myclamd, 1.2)
> > require {
> > type clamscan_t;
> > type clamd_t;
> > class tcp_socket { write create connect };
> > type var_run_t;
> > type user_home_t;
> > class sock_file write;
> > class file append;
> >
> > }
> >
> > #============= clamd_t ==============
> > corenet_tcp_bind_generic_port(clamd_t)
> >
> > #============= clamscan_t ==============
> > allow clamscan_t self:tcp_socket { write create connect };
> > allow clamscan_t user_home_t:file append;
>
> What file in your home directory is clamscan appending to?
> Maybe we can put it into a distinct type and protect the rest of your
> files?
>
Not sure... clamd is used by clamassassin which is called by procmail.
Procmail has local configurations set in various "rc" files in
~/Procmail/ in my home directory. But only procmail would require (read)
access to those. Then procmail writes to its log which is
~/Procmail/pmlog (also rotated by logrotate).
I'll try commenting out that line and see what happens...
Thanks
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080306/9bed0616/attachment.sig>
More information about the fedora-selinux-list
mailing list