On Thu, Mar 06, 2008 at 10:23:53AM -0500, Stephen Smalley wrote:
> # cat myclamd.te
> policy_module(myclamd, 1.2)
> require {
> type clamscan_t;
> type clamd_t;
> class tcp_socket { write create connect };
> type var_run_t;
> type user_home_t;
> class sock_file write;
> class file append;
>
> }
>
> #============= clamd_t ==============
> corenet_tcp_bind_generic_port(clamd_t)
>
> #============= clamscan_t ==============
> allow clamscan_t self:tcp_socket { write create connect };
> allow clamscan_t user_home_t:file append;
> What file in your home directory is clamscan appending to?
> Maybe we can put it into a distinct type and protect the rest of your
> files?
Not sure... clamd is used by clamassassin which is called by procmail.
Procmail has local configurations set in various "rc" files in
~/Procmail/ in my home directory. But only procmail would require (read)
access to those. Then procmail writes to its log which is
~/Procmail/pmlog (also rotated by logrotate).
I'll try commenting out that line and see what happens...
Thanks
Mark
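As an added illustration of the distinct-type approach Stephen suggests (this is not policy from either mail or from the clamav/procmail packages), assuming the file clamscan appends to is ~/Procmail/pmlog and assuming the reference-policy interface `userdom_user_home_content` is available:

```selinux
# myclamd.te (hypothetical version 1.3 of the module quoted above)
policy_module(myclamd, 1.3)

require {
    type clamscan_t;
    type clamd_t;
    class tcp_socket { write create connect };
    class file { append getattr open };
    class dir search;
}

#============= clamd_t ==============
corenet_tcp_bind_generic_port(clamd_t)

#============= clamscan_t ==============
allow clamscan_t self:tcp_socket { write create connect };

# Weak rule from the original module, kept here only as the "before":
# it lets clamscan append to *every* user_home_t file in the home directory.
# allow clamscan_t user_home_t:file append;

# Hardened alternative: a dedicated type for the procmail log.
# userdom_user_home_content() (reference-policy interface, assumed present)
# marks it as user home content so the user can still manage the file.
type procmail_log_t;
userdom_user_home_content(procmail_log_t)

# clamscan may append to the log and nothing else in $HOME.
allow clamscan_t procmail_log_t:file { append getattr open };

# myclamd.fc (file context for the assumed log path; HOME_DIR is expanded
# by the reference policy for each user's home directory)
# HOME_DIR/Procmail/pmlog  --  gen_context(system_u:object_r:procmail_log_t,s0)
```

After loading the module, the label is applied with restorecon on ~/Procmail/pmlog, and any further clamscan_t denials on user_home_t files show up in the audit log rather than being silently permitted.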