On 08/25/2010 08:13 PM, Arthur Dent wrote:
On Mon, 2010-08-23 at 20:50 +0200, Dominick Grift wrote:
>
> open your ~/myclamd/myclamd.te file and append the following:
>
> gen_require(`
> type clamscan_t;
> ')
>
> procmail_rw_tmp_files(clamscan_t)
> mta_read_queue(clamscan_t)
>
>
> Then rebuild be binary representation and reinstall it:
>
> cd ~/myclamd;
> make -f /usr/share/selinux/devel/Makefile myclamd.pp
> sudo semodule -i myclamd.pp
>
> Next rebuild the policy with the hidden denials loaded.
>
> sudo semodule -B
I'm afraid we're still not quite there yet...
This is from /var/log/clamd.log:
Wed Aug 25 18:27:05 2010 -> WARNING: Control message truncated, no control data
received, 1 bytes read(Is SELinux/AppArmor enabled, and blocking file descriptor
passing?)
Wed Aug 25 18:27:05 2010 -> WARNING: Error condition on fd 9
I have no idea what fd 9 is.
Probably a file descriptor we missed. run semodule -DB to unload hidden
denials, try to reproduce it and send the AVC denials you are getting so
that we can review them and fix it.
I also still have a problem with clamdwatch, but I'll deal with
that in
a separate posting.
Thanks for your patience and help.
Mark
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux