It's taking a while to track down the full policy needed for
clamav-milter to be able to detect a virus and react fully, as I have to
wait until I receive a virus (sending out outgoing doesn't trigger the
same results). Here is my current policy after a few rounds of adding
another incremental rule:
module myclamav 1.0;
require {
type shell_exec_t;
type sendmail_exec_t;
type clamd_t;
class file { execute getattr };
}
#============= clamd_t ==============
allow clamd_t sendmail_exec_t:file { execute getattr };
allow clamd_t shell_exec_t:file getattr;
It looks like clamav-milter is running /usr/sbin/sendmail.sendmail via a
bash script, but I haven't looked into the workings to really be sure.
Eddie
--
Edward Kuns <ekuns@xxxxxxxxxxxxxxxx>
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
