On 08/23/2010 12:57 PM, Arthur Dent wrote:
On Mon, 2010-08-23 at 12:31 +0200, Dominick Grift wrote:
> On 08/23/2010 12:20 PM, Arthur Dent wrote:
>> On Mon, 2010-08-23 at 10:56 +0200, Dominick Grift wrote:
>>> On 08/23/2010 10:47 AM, Arthur Dent wrote:
>>>> On Mon, 2010-08-23 at 10:42 +0200, Dominick Grift wrote:
>>>>> On 08/23/2010 10:40 AM, Arthur Dent wrote:
>>>>>> On Mon, 2010-08-23 at 10:29 +0200, Dominick Grift wrote:
>>>>>>> On 08/23/2010 10:09 AM, Arthur Dent wrote:
>>>>>>>> On Sun, 2010-08-22 at 22:44 +0100, Arthur Dent wrote:
>>>>>>>>> On Sun, 2010-08-22 at 23:07 +0200, Dominick Grift
wrote:
>>>>>>>>>> On 08/22/2010 08:24 PM, Arthur Dent wrote:
>>>>>>>>>
>
> Looks like clamd again/or still runs in the init script domain.
> Therefore clamdscan cannot connect to it
>
> ps -auxZ | grep initrc_t
# ps -auxZ | grep initrc_t
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
system_u:system_r:initrc_t:s0 ddclient 1141 0.0 0.1 9148 1824 ? S Aug21
0:02 ddclient - sleeping for 20 seconds
unconfined_u:system_r:initrc_t:s0 clamav 19801 0.2 27.6 309276 279772 ? Ssl Aug22
4:01 /usr/local/sbin/clamd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 25217 0.0 0.0 4312 728 pts/0
S+ 11:55 0:00 grep initrc_t
So clamd runs in the wrong domain:
try:
matchpathcon /usr/local/sbin/clamd
chcon -t clamd_exec_t /usr/local/sbin/clamd
service clamd restart
>
> We need to make sure that clamd runs in its own domain.
>
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux