[CentOS] clamav and selinux

Sat Apr 4 13:00:50 UTC 2009
Craig White <craigwhite at azapple.com>

On Sat, 2009-04-04 at 14:08 +0200, Ralph Angenendt wrote:
> Craig White wrote:
> > after cleaning up a bunch or selinux alerts, I update and wham,
> > clamav/clamd/clamav-db make me assert contexts again to /var/clamav
> > like...
> > 
> > chcon -t clamd_t clamav -R
> > 
> > which temporarily solves the problem but it would be better if it were
> > policy and not file contexts. So I search and see for some
> > reason, /var/clamav is ignored...
> > 
> > Is there something I don't understand or does this need to be
> > bugzilla'd? Upstream?
> 
> No, rpmforge. They package clamd to use /var/clamav and not /var/lib/clamav. There already have been discussions on their list in the last month/this months. See lists.rpmforge.net.
----
yeah, I'm even on that list too...

I was thinking that since /etc/selinux/.../file_contexts was part of the
distribution, and it already contained all but one context for the
various clam packages, that amendments to that file would come from
upstream.  ;-(

As for the rpmforge list, there was a request to use a modified spec
file to generate rpm's for clamav for this very same problem but it
isn't getting done.

I suppose if nothing else, someone who searches the CentOS list will
have the appropriate command to clean it up each time a new clamav is
released...

chcon -t clamd_t /var/clamav -R

Thanks

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.