Clamd - again...

Arthur Dent misc.lists at blueyonder.co.uk
Wed Aug 25 21:11:22 UTC 2010 

On Wed, 2010-08-25 at 10:48 -1000, Jason Axelson wrote:
> Hi,
> 
> On Wed, Aug 25, 2010 at 10:17 AM, Arthur Dent
> <misc.lists at blueyonder.co.uk> wrote:
> > Do you speak perl?
> 
> I do. At least some.
> 
> > This is an extract of the clamdwatch script:
> >
> > # "CONFIG" section
> > #
> > # $Socket values:
> > #   = "3310" (as in the tcp port; make sure $ip is correct if you use this)
> > #   = "/path/to/clamd/socket"
> > my $Socket = $options{s} || "/var/run/clamd/clamd.sock";
> > my $log = $options{l} || 0;
> > my $ip = "127.0.0.1";
> > my $timeout = $options{t} || 15;
> > my $lockFile = $options{L} || "/var/lock/subsys/clamd";
> > my $quiet = $options{q} || 0;
> > my $sock;
> >
> > # reversed eicar
> > my $data = "*H+H\$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE\$}7)CC7)^P(45XZP\\4\[PA\@\%P!O5X";
> > srand;
> > my ($fh, $tempFile) = mkstemp( "/tmp/clamdwatch-XXXXXXXXXXXXXXXX" );
> > chmod('0644', $tempFile);
> >
> >
> > Could we change that line to add a chcon command?
> 
> You just need to enclose it in backquotes (`). So something like this
> `chcon -t clamd_tmp_t $templfile` would result in:
> 
> my $data = "*H+H\$!ELIF-TSET-SURIVITNA-DRADNATS-RACIE\$}7)CC7)^P(45XZP\\4\[PA\@\%P!O5X";
> srand;
> my ($fh, $tempFile) = mkstemp( "/tmp/clamdwatch-XXXXXXXXXXXXXXXX" );
> `chcon -t clamd_tmp_t $tempFile`
> chmod('0644', $tempFile);
> 
> However, I think that the mkstemp call is failing since I think this
> script cannot write into the /tmp/ directory. You may need to do
> something like create a /tmp/clamd/ directory and give it a
> clamd_tmp_t type.

Thank you Jason!

Adding `chcon -t clamd_tmp_t $tempFile` as you suggested did actually
work! (although I needed to add a ";" to the end of the line).

I haven't tried it from cron yet, but it works from the command line.

Thanks again.

Mark

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100825/e6e5a351/attachment.bin

More information about the selinux mailing list