On Sat, 2009-04-04 at 06:00 -0700, Craig White wrote: > On Sat, 2009-04-04 at 14:08 +0200, Ralph Angenendt wrote: > > Craig White wrote: > > > after cleaning up a bunch or selinux alerts, I update and wham, > > > clamav/clamd/clamav-db make me assert contexts again to /var/clamav > > > like... > > > > > > chcon -t clamd_t clamav -R > > > > > > which temporarily solves the problem but it would be better if it were > > > policy and not file contexts. So I search and see for some > > > reason, /var/clamav is ignored... > > > > > > Is there something I don't understand or does this need to be > > > bugzilla'd? Upstream? > > > > No, rpmforge. They package clamd to use /var/clamav and not /var/lib/clamav. There already have been discussions on their list in the last month/this months. See lists.rpmforge.net. > ---- > yeah, I'm even on that list too... > > I was thinking that since /etc/selinux/.../file_contexts was part of the > distribution, and it already contained all but one context for the > various clam packages, that amendments to that file would come from > upstream. ;-( > > As for the rpmforge list, there was a request to use a modified spec > file to generate rpm's for clamav for this very same problem but it > isn't getting done. > > I suppose if nothing else, someone who searches the CentOS list will > have the appropriate command to clean it up each time a new clamav is > released... > > chcon -t clamd_t /var/clamav -R ---- this might prove to be more durable through upgrades (time will tell). semanage fcontext -a -t clamd_t "/var/clamav(/.*)?" Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.