On Wed, 2010-08-25 at 10:48 -1000, Jason Axelson wrote:
> Hi,
>
> On Wed, Aug 25, 2010 at 10:17 AM, Arthur Dent
> <misc.lists@xxxxxxxxxxxxxxxx> wrote:
> > Do you speak perl?
>
> I do. At least some.
>
> > This is an extract of the clamdwatch script:
> >
> > # "CONFIG" section
> > #
> > # $Socket values:
> > # = "3310" (as in the tcp port; make sure $ip is correct if you use this)
> > # = "/path/to/clamd/socket"
> > my $Socket = $options{s} || "/var/run/clamd/clamd.sock";
> > my $log = $options{l} || 0;
> > my $ip = "127.0.0.1";
> > my $timeout = $options{t} || 15;
> > my $lockFile = $options{L} || "/var/lock/subsys/clamd";
> > my $quiet = $options{q} || 0;
> > my $sock;
> >
> > # reversed eicar
> > my $data = "*H+H\$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE\$}7)CC7)^P(45XZP\\4\[PA\@\%P!O5X";
> > srand;
> > my ($fh, $tempFile) = mkstemp( "/tmp/clamdwatch-XXXXXXXXXXXXXXXX" );
> > chmod('0644', $tempFile);
> >
> >
> > Could we change that line to add a chcon command?
>
> You just need to enclose it in backquotes (`). So something like this
> `chcon -t clamd_tmp_t $templfile` would result in:
>
> my $data = "*H+H\$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE\$}7)CC7)^P(45XZP\\4\[PA\@\%P!O5X";
> srand;
> my ($fh, $tempFile) = mkstemp( "/tmp/clamdwatch-XXXXXXXXXXXXXXXX" );
> `chcon -t clamd_tmp_t $tempFile`
> chmod('0644', $tempFile);
>
> However, I think that the mkstemp call is failing since I think this
> script cannot write into the /tmp/ directory. You may need to do
> something like create a /tmp/clamd/ directory and give it a
> clamd_tmp_t type.
Thank you Jason!
Adding `chcon -t clamd_tmp_t $tempFile` as you suggested did actually
work! (although I needed to add a ";" to the end of the line).
I haven't tried it from cron yet, but it works from the command line.
Thanks again.
Mark
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
