On 08/25/2010 10:48 PM, Jason Axelson wrote:
> Hi,
>
> On Wed, Aug 25, 2010 at 10:17 AM, Arthur Dent
> <misc.lists@xxxxxxxxxxxxxxxx> wrote:
>> Do you speak perl?
>
> I do. At least some.
>
>> This is an extract of the clamdwatch script:
>>
>> # "CONFIG" section
>> #
>> # $Socket values:
>> # = "3310" (as in the tcp port; make sure $ip is correct if you use this)
>> # = "/path/to/clamd/socket"
>> my $Socket = $options{s} || "/var/run/clamd/clamd.sock";
>> my $log = $options{l} || 0;
>> my $ip = "127.0.0.1";
>> my $timeout = $options{t} || 15;
>> my $lockFile = $options{L} || "/var/lock/subsys/clamd";
>> my $quiet = $options{q} || 0;
>> my $sock;
>>
>> # reversed eicar
>> my $data = "*H+H\$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE\$}7)CC7)^P(45XZP\\4\[PA\@\%P!O5X";
>> srand;
>> my ($fh, $tempFile) = mkstemp( "/tmp/clamdwatch-XXXXXXXXXXXXXXXX" );
>> chmod('0644', $tempFile);
>>
>>
>> Could we change that line to add a chcon command?
>
> You just need to enclose it in backquotes (`). So something like this
> `chcon -t clamd_tmp_t $templfile` would result in:
>
> my $data = "*H+H\$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE\$}7)CC7)^P(45XZP\\4\[PA\@\%P!O5X";
> srand;
> my ($fh, $tempFile) = mkstemp( "/tmp/clamdwatch-XXXXXXXXXXXXXXXX" );
> `chcon -t clamd_tmp_t $tempFile`
> chmod('0644', $tempFile);
>
> However, I think that the mkstemp call is failing since I think this
> script cannot write into the /tmp/ directory. You may need to do
> something like create a /tmp/clamd/ directory and give it a
> clamd_tmp_t type.
It should be able to write into tmp and i think it is. This script is
run by an unconfined user in an unconfined domain
> Jason
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
