Lomac questions [was Re: [OT] SELinux vs. other systems]
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Thu Sep 2 20:05:40 UTC 2004
On Thu, Sep 02, 2004 at 12:29:07PM -0500, Linas Vepstas wrote:
> Is the 'broken-ness' the fact that grandma failed to run an anti-virus
> scanner and verify checksums, yada yada, before elevating the
> priveldge on the downloaded software?
[this is all with the strict policy 1.14 mostly sortof btw]
i've installed clamav, spamassassin, razor and pyzor.
oh, and freshclam.
i then found a little script called clamassassin [google], i then
searched [google] for some advice on how to set up kmail filters.
kmail, the clamassassin script and spamc all run under the user
context.
the user context is given the right to bind to servers.
spamd and clamd both run as servers: they have their own
policies that restrict their operation to what is known
that they presently do, but they are allowed to listen to
incoming requests [from spamc and the clamassassin script
respectively.]
selinux doesn't in the _slightest_ bit get in the way.
the only thing that i did find is that razor is a complete pain.
it endeavours to write log files into /root/razor.log, /tmp/razor.log,
/razor.log, it's a pain, and selinux is _exactly_ the sort of thing
that can detect - and stop! - this behaviour.
pyzor appears to be a lot less haphazard.
also nobody else appears to have tried to run freshclam [automatic
update script] before now, so i had to hack the clamav.te policy
a bit to get it to run.
l.
More information about the fedora-selinux-list
mailing list