[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Updates to clamav [patch]



The attached patch updates the (unused) clamav policy to work with the
changes in the FC strict/1.23.10-2 policy.  It also fixes an access
problem with the clamd socket.

David

Index: domains/program/unused/clamav.te
===================================================================
RCS file: /home/cvs/starfury/etc/selinux/strict/src/policy/domains/program/unused/clamav.te,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 clamav.te
--- domains/program/unused/clamav.te	6 Apr 2005 22:35:54 -0000	1.1.1.2
+++ domains/program/unused/clamav.te	13 Apr 2005 23:14:11 -0000
@@ -29,6 +29,7 @@
 read_sysctl(freshclam_t)
 
 can_network_client_tcp(freshclam_t, http_port_t);
+allow freshclam_t http_port_t:tcp_socket name_connect;
 can_resolve(freshclam_t)
 can_ypbind(freshclam_t)
 
@@ -64,6 +65,9 @@
 logdir_domain(freshclam)
 allow initrc_t freshclam_log_t:file append;
 
+# Pid files for freshclam
+allow initrc_t clamd_var_run_t:file { create setattr };
+
 system_crond_entry(freshclam_exec_t, freshclam_t)
 domain_auto_trans(logrotate_t, freshclam_exec_t, freshclam_t)
 
Index: macros/program/clamav_macros.te
===================================================================
RCS file: /home/cvs/starfury/etc/selinux/strict/src/policy/macros/program/clamav_macros.te,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 clamav_macros.te
--- macros/program/clamav_macros.te	6 Apr 2005 22:33:28 -0000	1.1.1.1
+++ macros/program/clamav_macros.te	6 Apr 2005 23:44:18 -0000
@@ -12,6 +12,7 @@
 define(`can_clamd_connect',`
 allow $1_t clamd_var_run_t:dir search;
 allow $1_t clamd_var_run_t:sock_file write;
+allow $1_t clamd_sock_t:sock_file write;
 can_unix_connect($1_t, clamd_t)
 ')
 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]