[CentOS] clamav and selinux

Sat Apr 4 13:12:32 UTC 2009
Craig White <craigwhite at azapple.com>

On Sat, 2009-04-04 at 06:00 -0700, Craig White wrote:
> On Sat, 2009-04-04 at 14:08 +0200, Ralph Angenendt wrote:
> > Craig White wrote:
> > > after cleaning up a bunch of selinux alerts, I update and wham,
> > > clamav/clamd/clamav-db make me assert contexts again to /var/clamav
> > > like...
> > > 
> > > chcon -t clamd_t clamav -R
> > > 
> > > which temporarily solves the problem but it would be better if it were
> > > policy and not file contexts. So I search and see for some
> > > reason, /var/clamav is ignored...
> > > 
> > > Is there something I don't understand or does this need to be
> > > bugzilla'd? Upstream?
> > 
> > No, rpmforge. They package clamd to use /var/clamav and not /var/lib/clamav. There already have been discussions on their list in the last month/this month. See lists.rpmforge.net.
> ----
> yeah, I'm even on that list too...
> 
> I was thinking that since /etc/selinux/.../file_contexts was part of the
> distribution, and it already contained all but one context for the
> various clam packages, that amendments to that file would come from
> upstream.  ;-(
> 
> As for the rpmforge list, there was a request to use a modified spec
> file to generate rpms for clamav for this very same problem but it
> isn't getting done.
> 
> I suppose if nothing else, someone who searches the CentOS list will
> have the appropriate command to clean it up each time a new clamav is
> released...
> 
> chcon -t clamd_t /var/clamav -R
----
This might prove to be more durable through upgrades (time will tell).

semanage fcontext -a -t clamd_t "/var/clamav(/.*)?"

Craig
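
Added example, not part of the original message: a shell sketch of the difference between the two commands in this thread, recording the label as a local file-context rule and then relabelling, plus a check of which paths the spec "/var/clamav(/.*)?" covers. The function names `spec_matches` and `label_persistently` are hypothetical; the type and path are the ones from the post.

```shell
#!/bin/sh
# Added example: persistent SELinux labelling for a non-standard directory.

# Return 0 if a path is covered by a file-context spec.
# File-context specs are regular expressions anchored at both ends,
# so "/var/clamav(/.*)?" covers the directory and everything below it,
# but not a sibling such as /var/clamav-old.
spec_matches() {
    sm_spec=$1
    sm_path=$2
    printf '%s\n' "$sm_path" | grep -Eq "^${sm_spec}\$"
}

# Record the rule in the local policy store, then relabel the tree.
# chcon only changes the labels currently on disk; a relabel, or a
# package upgrade that recreates files, puts back whatever the policy
# says. semanage changes what the policy says, restorecon applies it.
label_persistently() {
    lp_type=$1
    lp_dir=$2
    lp_spec="${lp_dir}(/.*)?"
    # -a fails if a local rule for this spec exists already; use -m then.
    semanage fcontext -a -t "$lp_type" "$lp_spec" 2>/dev/null ||
        semanage fcontext -m -t "$lp_type" "$lp_spec" || return 1
    restorecon -R -v "$lp_dir"   # apply the rule to existing files
    matchpathcon "$lp_dir"       # print the context the policy now expects
}

# Usage (as root, on an SELinux-enabled host), with the values from the post:
#   label_persistently clamd_t /var/clamav
# To see which type the distribution's policy assigns to the standard
# location, for comparison:
#   matchpathcon /var/lib/clamav
```
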

