On Wed, 2008-03-05 at 22:38 -0600, Edward Kuns wrote:
I know I must be doing something wrong, but hours and hours of
googling
have not turned up any help. The following is in myclamav.te:
module myclamav 1.0;
require {
type shell_exec_t;
type sendmail_exec_t;
type bin_t;
type clamd_t;
class dir search;
class file { execute getattr };
}
mta_send_mail(clamd_t);
#============= clamd_t ==============
allow clamd_t bin_t:dir search;
allow clamd_t sendmail_exec_t:file { execute getattr };
allow clamd_t shell_exec_t:file getattr;
As root, I run:
checkmodule -m myclamav.te
When building policy modules that use refpolicy interfaces, you need to
use the refpolicy build infrastructure. yum install
selinux-policy-devel and make -f /usr/share/selinux/devel/Makefile
myclamav.pp.
--
Stephen Smalley
National Security Agency