[CentOS] clamav and selinux

Craig White craigwhite at azapple.com
Fri Apr 3 22:31:13 UTC 2009

after cleaning up a bunch or selinux alerts, I update and wham,
clamav/clamd/clamav-db make me assert contexts again to /var/clamav

chcon -t clamd_t clamav -R

which temporarily solves the problem but it would be better if it were
policy and not file contexts. So I search and see for some
reason, /var/clamav is ignored...

# grep clam /etc/selinux/targeted/contexts/files/file_contexts
/etc/clamav(/.*)?       system_u:object_r:clamd_etc_t:s0
/var/run/clamd.*        system_u:object_r:clamd_var_run_t:s0
/var/run/clamav.*       system_u:object_r:clamd_var_run_t:s0
/var/lib/clamav(/.*)?   system_u:object_r:clamd_var_lib_t:s0
/var/log/clamav(/.*)?   system_u:object_r:clamd_var_log_t:s0
/var/run/amavis(d)?/clamd\.pid  --
/var/log/clamav/freshclam.*     --
/usr/sbin/clamd --      system_u:object_r:clamd_exec_t:s0
/usr/bin/clamscan       --      system_u:object_r:clamscan_exec_t:s0
/usr/bin/clamdscan      --      system_u:object_r:clamscan_exec_t:s0
/usr/bin/freshclam      --      system_u:object_r:freshclam_exec_t:s0
/usr/share/clamav/clamd-gen     --      system_u:object_r:bin_t:s0
/var/spool/amavisd/clamd\.sock  -s
/usr/share/clamav/freshclam-sleep       --

Is there something I don't understand or does this need to be
bugzilla'd? Upstream?


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the CentOS mailing list