On 08/23/2010 12:57 PM, Arthur Dent wrote: > On Mon, 2010-08-23 at 12:31 +0200, Dominick Grift wrote: >> On 08/23/2010 12:20 PM, Arthur Dent wrote: >>> On Mon, 2010-08-23 at 10:56 +0200, Dominick Grift wrote: >>>> On 08/23/2010 10:47 AM, Arthur Dent wrote: >>>>> On Mon, 2010-08-23 at 10:42 +0200, Dominick Grift wrote: >>>>>> On 08/23/2010 10:40 AM, Arthur Dent wrote: >>>>>>> On Mon, 2010-08-23 at 10:29 +0200, Dominick Grift wrote: >>>>>>>> On 08/23/2010 10:09 AM, Arthur Dent wrote: >>>>>>>>> On Sun, 2010-08-22 at 22:44 +0100, Arthur Dent wrote: >>>>>>>>>> On Sun, 2010-08-22 at 23:07 +0200, Dominick Grift wrote: >>>>>>>>>>> On 08/22/2010 08:24 PM, Arthur Dent wrote: >>>>>>>>>> >> >> Looks like clamd again/or still runs in the init script domain. >> Therefore clamdscan cannot connect to it >> >> ps -auxZ | grep initrc_t > > # ps -auxZ | grep initrc_t > Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ > system_u:system_r:initrc_t:s0 ddclient 1141 0.0 0.1 9148 1824 ? S Aug21 0:02 ddclient - sleeping for 20 seconds > unconfined_u:system_r:initrc_t:s0 clamav 19801 0.2 27.6 309276 279772 ? Ssl Aug22 4:01 /usr/local/sbin/clamd > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 25217 0.0 0.0 4312 728 pts/0 S+ 11:55 0:00 grep initrc_t So clamd runs in the wrong domain: try: matchpathcon /usr/local/sbin/clamd chcon -t clamd_exec_t /usr/local/sbin/clamd service clamd restart >> >> We need to make sure that clamd runs in its own domain. >> > > > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
