Re: Clamd getting out of hand...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 30, 2008 at 03:33:14PM -0400, Daniel J Walsh wrote:


> But do you have the original avc messages used to generate the policy.
> I want to see if we are missing transitions?  What port is it
> communicating with etc.

Apologies for the slow response. RL gets in the way sometimes...

To recap:

My mail chain is as follows:

fetchmail -> procmail
                |
                 -> clamassassin -> spamassassin -> dovecot -> MUA
                        |
                         -> clamdscan
                               |
                                -> clamd

I had made several home-made policies to allow clamd to work under F8.
Following an upgrade to F9 I get a whole load more avc denials and have
had to add a bunch of policies to get it to work.

With SEL in enforcing mode (I know I should have set it to permissive
until I had sorted this out but I though each problem would be the
last..) the recent denials fell into 3 types:

sending denials
receiving denial
write to pipe denials

I got several hundred sending denials until I wrote a policy with
audit2allow then I got sever hundred receiving denials until I fixed
that and finally a ton of write-to pipe. If you look at the collection
of raw audit messages (just a sample) that I posted here

http://pastebin.com/m7b60d46a

you will see that almost every part of the mail chain seems to be
affected.

Finding the original avc messages from my F8 install would be hard work,
but I have included 3 (one of each type) from the F9 upgrade. You can
see them here:

http://pastebin.com/m1fc5a466

If you want others (as referred to in the raw avcs) just let me know.

So, clamd settings can be seen here (entire clamd.conf file) :
http://pastebin.com/m72927397
A selection of raw avc messages can be seen here:
http://pastebin.com/m7b60d46a
And 3 of the entire avc messages here:
http://pastebin.com/m1fc5a466


I really do thank you for your help...

AD


Attachment: pgp5wx7A6zVRU.pgp
Description: PGP signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux