Re: Clamd - again...

On 08/25/2010 08:33 PM, Arthur Dent wrote:
> On Tue, 2010-08-24 at 11:07 +0200, Dominick Grift wrote:
>> On 08/24/2010 11:05 AM, Arthur Dent wrote:
>>> On Tue, 2010-08-24 at 09:18 +0200, Dominick Grift wrote:
>>>
>>>>
>>>> Does:
>>>> /root/scripts/clamdwatch -q && ( /usr/bin/killall -9 clamd; rm -fr
>>>> /var/run/clamd.sock; rm -rf /tmp/clamav-*; chcon -t /tmp/clamdwatch*;
>>>> /etc/init.d/clamd start 2>&1 )
>>>>
>>>> make it work?
>>>
>>> Hmm... Why doesn't it like that?
>>>
>>> chcon: missing operand
>>> Try `chcon --help' for more information.
>>> Starting clamd: [  OK  ]
>>>
>>
>> Whoops, it's: chcon -t clamd_tmp_t /tmp/clamdwatch*;
> 
> OK - I'm not sure this approach is going to work. If I run this cronjob
> script it returns the following:
> chcon: cannot access `/tmp/clamdwatch*': No such file or directory
> Starting clamd: [  OK  ]

Why is that happening? It looks like clamd started "OK"?
Fact of the matter is that clamd_t cannot access user_tmp_t files/dirs,
so by labelling it clamd_tmp_t, clamd_t should be able to read it.

How to implement that best can be tested.

Optionally one could (and probably should) confine clamdwatch, but that
would take some work.

I am of the opinion that by just labelling the offending object manually
clamd_tmp_t it should work and be an easy fix.

> The reason is - I think - because the clamdwatch script does certain
> tests and puts the results in /tmp/clamdwatch. Only if the results of
> the test fail does it kill everything and clean up after itself and then
> restart clamd.
> 
> If I try to run the clamdwatch script from the command line this is what
> I get:
> 
> [root@troodos scripts]# ./clamdwatch
> Clamd is in an unknown state.
> It returned: /tmp/clamdwatch-ymyC2PA1n1gjmt9Z: Access denied. ERROR
> 
> Thanks again..
> 
> Mark
> 
> 
> 
> 
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux



--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
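The relabel step discussed above, written so that it does nothing when no clamdwatch temp file exists (the "No such file or directory" case reported in the thread) and skips symlinks, since root is operating in a world-writable directory. This is an added example, not code from the thread or from clamdwatch; TMP_DIR and CHCON are hypothetical overrides introduced here.

```shell
# Added example (not from the thread): relabel clamdwatch temp files for clamd_t.
# From the thread: the clamdwatch* name pattern and the clamd_tmp_t type.
# Assumed here: TMP_DIR and CHCON are hypothetical overrides, useful for testing.
TMP_DIR="${TMP_DIR:-/tmp}"
CHCON="${CHCON:-chcon}"

# Prints the number of files relabelled; returns 1 if a relabel fails.
relabel_clamdwatch_tmp() {
    count=0
    for f in "$TMP_DIR"/clamdwatch*; do
        # Root is acting in a world-writable directory: leave symlinks alone
        # so the relabel cannot be redirected to another file.
        if [ -L "$f" ]; then
            continue
        fi
        # An unmatched glob stays as the literal pattern; skip it instead of
        # handing chcon a path that does not exist.
        if [ ! -f "$f" ]; then
            continue
        fi
        "$CHCON" -t clamd_tmp_t -- "$f" || return 1
        count=$((count + 1))
    done
    echo "$count"
}
```

After a run, `ls -Z` on the directory shows whether the type on the files actually changed.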
