fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: Clamd - again...

Re: Clamd - again...

From: Dominick Grift <domg472_at_nospam>
Date: Wed Aug 25 2010 - 18:18:33 GMT
To: selinux@lists.fedoraproject.org

On 08/25/2010 08:13 PM, Arthur Dent wrote:
> On Mon, 2010-08-23 at 20:50 +0200, Dominick Grift wrote:
>
>>
>> open your ~/myclamd/myclamd.te file and append the following:
>>
>> gen_require(`
>> type clamscan_t;
>> ')
>>
>> procmail_rw_tmp_files(clamscan_t)
>> mta_read_queue(clamscan_t)
>>
>>
>> Then rebuild be binary representation and reinstall it:
>>
>> cd ~/myclamd;
>> make -f /usr/share/selinux/devel/Makefile myclamd.pp
>> sudo semodule -i myclamd.pp
>>
>> Next rebuild the policy with the hidden denials loaded.
>>
>> sudo semodule -B
>
> I'm afraid we're still not quite there yet...
>
> This is from /var/log/clamd.log:
> Wed Aug 25 18:27:05 2010 -> WARNING: Control message truncated, no control data received, 1 bytes read(Is SELinux/AppArmor enabled, and blocking file descriptor passing?)
> Wed Aug 25 18:27:05 2010 -> WARNING: Error condition on fd 9
>
> I have no idea what fd 9 is.

Probably a file descriptor we missed. run semodule -DB to unload hidden
denials, try to reproduce it and send the AVC denials you are getting so
that we can review them and fix it.

> I also still have a problem with clamdwatch, but I'll deal with that in
> a separate posting.
>
> Thanks for your patience and help.
>
> Mark
>
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux