after cleaning up a bunch or selinux alerts, I update and wham, clamav/clamd/clamav-db make me assert contexts again to /var/clamav like...
chcon -t clamd_t clamav -R
which temporarily solves the problem but it would be better if it were policy and not file contexts. So I search and see for some reason, /var/clamav is ignored...
# grep clam /etc/selinux/targeted/contexts/files/file_contexts /etc/clamav(/.*)? system_u:object_r:clamd_etc_t:s0 /var/run/clamd.* system_u:object_r:clamd_var_run_t:s0 /var/run/clamav.* system_u:object_r:clamd_var_run_t:s0 /var/lib/clamav(/.*)? system_u:object_r:clamd_var_lib_t:s0 /var/log/clamav(/.*)? system_u:object_r:clamd_var_log_t:s0 /var/run/amavis(d)?/clamd.pid -- system_u:object_r:clamd_var_run_t:s0 /var/log/clamav/freshclam.* -- system_u:object_r:freshclam_var_log_t:s0 /usr/sbin/clamd -- system_u:object_r:clamd_exec_t:s0 /usr/bin/clamscan -- system_u:object_r:clamscan_exec_t:s0 /usr/bin/clamdscan -- system_u:object_r:clamscan_exec_t:s0 /usr/bin/freshclam -- system_u:object_r:freshclam_exec_t:s0 /usr/share/clamav/clamd-gen -- system_u:object_r:bin_t:s0 /var/spool/amavisd/clamd.sock -s system_u:object_r:clamd_var_run_t:s0 /usr/share/clamav/freshclam-sleep -- system_u:object_r:bin_t:s0
Is there something I don't understand or does this need to be bugzilla'd? Upstream?
Craig