[CentOS] More avc's wrt to email

Fri Dec 12 16:25:31 UTC 2014
James B. Byrne <byrnejb at harte-lyne.ca>

CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)

Is there something going on in selinuxland with respect to clamav, amavisd-new
and postfix?  Since the most recent update of clamav I seem to be detecting
more avc's.  It may be that it is because I am looking for them more
frequently but it seems to me that something has happened external to my
control.

The most recent things I see are these:


audit2allow -l -a


#============= amavis_t ==============
allow amavis_t sysfs_t:dir read;
allow amavis_t sysfs_t:file open;

#============= clamscan_t ==============
#!!!! The source type 'clamscan_t' can write to a 'dir' of the following types:
# clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t

allow clamscan_t amavis_spool_t:dir write;

#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_spool_maildrop_t:file open;

#============= spamd_t ==============
allow spamd_t etc_runtime_t:file append;


Is there anything wrong with just creating a local policy module for these and
loading it?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
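
One way to keep such a local policy reviewable, shown as an added example that is not part of the original post: split the audit2allow output above into one type enforcement source per domain, and hold back any rule that audit2allow annotated with `#!!!!` for manual review. The function names and the `local_` module prefix are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: the audit2allow output quoted in the post (blank lines dropped).
SAMPLE = """\
#============= amavis_t ==============
allow amavis_t sysfs_t:dir read;
allow amavis_t sysfs_t:file open;
#============= clamscan_t ==============
#!!!! The source type 'clamscan_t' can write to a 'dir' of the following types:
# clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t
allow clamscan_t amavis_spool_t:dir write;
#============= postfix_smtp_t ==============
allow postfix_smtp_t postfix_spool_maildrop_t:file open;
#============= spamd_t ==============
allow spamd_t etc_runtime_t:file append;
"""
RULE = re.compile(r"allow (\w+) (\w+):(\w+) (?:\{ ([\w ]+) \}|(\w+));")

def parse(text):
    """Yield (source, target, class, perms, flagged) for each allow rule."""
    flagged = False
    for line in text.splitlines():
        if line.startswith("#!!!!"):
            flagged = True  # assumption: the annotation applies to the next rule
        m = RULE.fullmatch(line.strip())
        if m:
            src, tgt, cls, many, one = m.groups()
            yield src, tgt, cls, (many or one).split(), flagged
            flagged = False

def te_modules(text, prefix="local_"):  # prefix is a hypothetical naming choice
    """Return ({module_name: .te source}, [rules held back for manual review])."""
    by_src, held = defaultdict(list), []
    for src, tgt, cls, perms, flagged in parse(text):
        (held if flagged else by_src[src]).append((src, tgt, cls, perms))
    out = {}
    for src, rules in by_src.items():
        types = sorted({src} | {r[1] for r in rules})
        classes = defaultdict(set)
        for _, _, cls, perms in rules:
            classes[cls].update(perms)
        lines = [f"module {prefix}{src} 1.0;", "", "require {"]
        lines += [f"\ttype {t};" for t in types]
        lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
        lines += ["}", ""] + [f"allow {s} {t}:{c} {{ {' '.join(p)} }};" for s, t, c, p in rules]
        out[prefix + src] = "\n".join(lines) + "\n"
    return out, held
```

Each returned source is ordinary `.te` text, so once reviewed it can be built with `checkmodule` and `semodule_package` and loaded with `semodule -i`.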