On Thursday 17 March 2005 00:17, David Hampton <hampton-rh@xxxxxxxxxxxxxxxxxxx> wrote: > I've added support to the (unused) clamav policy to allow listening for > service requests on a TCP socket, and for interacting with amavis. I > also made some tweaks that tighten up the network access allowed by > freshclam, split the freshclam and spamd log files into two different > types, and make the clamd control socket a unique type. Thanks. +can_network_client_tcp(freshclam_t, http_port_t); This should be replaced by web_client_domain (the policy for which may need to be adjusted). Among other things the above policy doesn't work for http_cache_port_t. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
