On Mon, 2010-08-23 at 20:50 +0200, Dominick Grift wrote:
> open your ~/myclamd/myclamd.te file and append the following:
>
> gen_require(`
>     type clamscan_t;
> ')
>
> procmail_rw_tmp_files(clamscan_t)
> mta_read_queue(clamscan_t)
>
> Then rebuild the binary representation and reinstall it:
>
> cd ~/myclamd;
> make -f /usr/share/selinux/devel/Makefile myclamd.pp
> sudo semodule -i myclamd.pp

I'm sorry to be a nuisance, Dominick, but I'm afraid there's another problem. Many people, including myself, who use clamd run a program called clamdwatch to monitor the fact that the clamd daemon is alive and well. This basically works by sending the Eicar virus to clamd, and if it doesn't get back the expected virus warning it assumes clamd is dead and tries to restart it. I have it running from a cron job:

*/10 * * * * /root/scripts/clamdwatch -q && ( /usr/bin/killall -9 clamd; rm -fr /var/run/clamd.sock; rm -rf /tmp/clamav-*; /etc/init.d/clamd start 2>&1 )

At the moment, every time this runs it restarts clamd. Here is the associated avc (still with semanage -DB).

----
time->Mon Aug 23 23:10:02 2010
type=SYSCALL msg=audit(1282601402.200:45477): arch=40000003 syscall=33 success=no exit=-13 a0=a5600488 a1=4 a2=a61ff1fc a3=44 items=0 ppid=1 pid=30729 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1341 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1282601402.200:45477): avc: denied { read } for pid=30729 comm="clamd" name="clamdwatch-Hv4FZ1XIhEGihCAR" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
----

> Next rebuild the policy with the hidden denials loaded.
>
> sudo semodule -B
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
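The AVC record above, parsed into the allow rule it describes, as an added example (not code from the thread, and not audit2allow itself): a small Python parser that pulls the source type, target type, object class and permissions out of AVC records, skips the SYSCALL record, and renders the result in the gen_require style used in the thread. The sample audit text is constructed from the two records quoted in the mail.

```python
import re

# Constructed sample: the two audit records quoted in the mail (SYSCALL plus the
# AVC record it belongs to; they share the serial 45477). exit=-13 is EACCES.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1282601402.200:45477): arch=40000003 syscall=33 success=no exit=-13 a0=a5600488 a1=4 a2=a61ff1fc a3=44 items=0 ppid=1 pid=30729 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1341 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1282601402.200:45477): avc: denied { read } for pid=30729 comm="clamd" name="clamdwatch-Hv4FZ1XIhEGihCAR" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
"""

# Matches the fields of an AVC record that a policy rule is built from.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def parse_avc_records(text):
    """Return one dict per AVC record; SYSCALL and other record types are skipped."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["perms"] = rec["perms"].split()
        # A context is user:role:type[:range]; policy rules name only the type.
        rec["stype"] = rec["scontext"].split(":")[2]
        rec["ttype"] = rec["tcontext"].split(":")[2]
        records.append(rec)
    return records

def allow_rules(records):
    """Collapse denials into one allow rule per (source type, target type, class)."""
    merged = {}
    for r in records:
        if r["result"] == "denied":
            merged.setdefault((r["stype"], r["ttype"], r["tclass"]), set()).update(r["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]

def te_snippet(records):
    """Render the rules as a .te fragment in the gen_require style used in the thread."""
    types = sorted({r[k] for r in records for k in ("stype", "ttype")})
    require = "\n".join("\ttype %s;" % t for t in types)
    return "gen_require(`\n%s\n')\n\n%s\n" % (require, "\n".join(allow_rules(records)))

if __name__ == "__main__":
    print(te_snippet(parse_avc_records(SAMPLE_AUDIT)))
```

The rule only states what the denial was about; whether to grant it in the module or to have clamdwatch write its temp file somewhere with a label clamd_t may already read is the policy decision.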