CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel)
Is there something going on in selinuxland with respect to clamav, amavisd-new and postfix? Since the most recent update of clamav I seem to be detecting more avc's. It may be that it is because I am looking for them more frequently but it seems to me that something has happened external to my control.
The most recent things I see are these:
audit2allow -l -a
#============= amavis_t ============== allow amavis_t sysfs_t:dir read; allow amavis_t sysfs_t:file open;
#============= clamscan_t ============== #!!!! The source type 'clamscan_t' can write to a 'dir' of the following types: # clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t
allow clamscan_t amavis_spool_t:dir write;
#============= postfix_smtp_t ============== allow postfix_smtp_t postfix_spool_maildrop_t:file open;
#============= spamd_t ============== allow spamd_t etc_runtime_t:file append;
Is there anything wrong with just creating a local policy module for these and loading it?
-
James B. Byrne