[CentOS] clamav and selinux

Craig White

craigwhite at azapple.com
Fri Apr 3 21:31:13 UTC 2009


after cleaning up a bunch or selinux alerts, I update and wham,
clamav/clamd/clamav-db make me assert contexts again to /var/clamav
like...

chcon -t clamd_t clamav -R

which temporarily solves the problem but it would be better if it were
policy and not file contexts. So I search and see for some
reason, /var/clamav is ignored...

# grep clam /etc/selinux/targeted/contexts/files/file_contexts
/etc/clamav(/.*)?       system_u:object_r:clamd_etc_t:s0
/var/run/clamd.*        system_u:object_r:clamd_var_run_t:s0
/var/run/clamav.*       system_u:object_r:clamd_var_run_t:s0
/var/lib/clamav(/.*)?   system_u:object_r:clamd_var_lib_t:s0
/var/log/clamav(/.*)?   system_u:object_r:clamd_var_log_t:s0
/var/run/amavis(d)?/clamd\.pid  --
system_u:object_r:clamd_var_run_t:s0
/var/log/clamav/freshclam.*     --
system_u:object_r:freshclam_var_log_t:s0
/usr/sbin/clamd --      system_u:object_r:clamd_exec_t:s0
/usr/bin/clamscan       --      system_u:object_r:clamscan_exec_t:s0
/usr/bin/clamdscan      --      system_u:object_r:clamscan_exec_t:s0
/usr/bin/freshclam      --      system_u:object_r:freshclam_exec_t:s0
/usr/share/clamav/clamd-gen     --      system_u:object_r:bin_t:s0
/var/spool/amavisd/clamd\.sock  -s
system_u:object_r:clamd_var_run_t:s0
/usr/share/clamav/freshclam-sleep       --
system_u:object_r:bin_t:s0

Is there something I don't understand or does this need to be
bugzilla'd? Upstream?

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the CentOS mailing list