On Tue, 2010-08-24 at 08:41 +0200, Dominick Grift wrote:
On 08/24/2010 12:20 AM, Arthur Dent wrote:
> On Mon, 2010-08-23 at 20:50 +0200, Dominick Grift wrote:
>
>> open your ~/myclamd/myclamd.te file and append the following:
>>
>> gen_require(`
>> type clamscan_t;
>> ')
>>
>> procmail_rw_tmp_files(clamscan_t)
>> mta_read_queue(clamscan_t)
>>
>>
>> Then rebuild be binary representation and reinstall it:
>>
>> cd ~/myclamd;
>> make -f /usr/share/selinux/devel/Makefile myclamd.pp
>> sudo semodule -i myclamd.pp
>
> I'm sorry to be a nuisance Dominick, but I'm afraid there's another
> problem.
>
> Many people, including myself, who use clamd run a program called
> clamdwatch to monitor the fact that the clamd daemon is alive and well.
>
> This basically works by sending the Eicar virus to clamd and if it
> doesn't get back the expected virus warning it assumes clamd is dead and
> tries to restart it.
>
> I have it running from a cron job:
> */10 * * * * /root/scripts/clamdwatch -q && ( /usr/bin/killall -9 clamd; rm
-fr /var/run/clamd.sock; rm -rf /tmp/clamav-*; /etc/init.d/clamd start 2>&1 )
>
> At the moment, every time this runs it restarts clamd.
>
> Here is the associated avc (still with semanage -DB).
i guess you could chcon the file from the cronjob to use a type that
clamd_t can access. for example append chcon -t clamd_tmp_t /tmp/clamdwatch*
That would be a workaround.
The other approach is to write policy for clamdwatch.
Another approach which is not encouraged is to allow clamd_t access to
user temporary content.
What package provides this app? and why is it in the admin directory?
Sorry - It's not an app, it's a script (perl). It comes in the clamav
tarball. I have put it in my /root/scripts/ directory where I keep most
of my scripts run from cron.
I can send you a copy if that would help?
Thanks
Mark