On Friday 15 April 2005 07:35, David Hampton <hampton-rh@xxxxxxxxxxxxxxxxxxx>
wrote:
> The attached patch updates the (unused) clamav policy to work with the
> changes in the FC strict/1.23.10-2 policy. It also fixes an access
> problem with the clamd socket.
+allow freshclam_t http_port_t:tcp_socket name_connect;
The attribute web_client_domain should grant such access. Probably the policy
related to the web_client_domain attribute hasn't been updated.
+# Pid files for freshclam
+allow initrc_t clamd_var_run_t:file { create setattr };
What's happening there? Is the initrc script trying to create and chown the
file and then setuid to the clamav user before starting the daemon?
While we're at it we should rename clamd_sock_t to clamd_var_run_t.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
