Yup, there's a brain damaged SE policy for clamav in RHEL5, despite there
being no official clamav package in the distro. There also appears to be
some bugs in ClamAV as well, since running freshclam in daemon mode gets SE
to complain about a daemon writing to it's controlling terminal (which a
daemon isn't supposed to do). I mentioned it here before during the -rc
releases of 0.91, but it didn't get fixed.
Anyway, I'm working on a specfile that tries to adhere to what the SE policy
expects, but there will have to be some localpolicy file to add to SE until
I can browbeat the sepolicy package maintainer to fix their clamav policy.
So, for now, I'd run CentOS in Permissive mode and if I were really
adventurous, I'd use one of the many methods described in various howto's to
create your own localpolicy file to work around the SE problem.
On 7/27/07, Daniel Bruno <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I am using clamd in CentOS 5, but now show this error message in the
> /var/log/messages:
>
>
> kernel: audit(1185543604.906:8): avc: denied { search } for pid=2530
> comm="clamd" name="kernel" dev=proc ino=-268435416
> scontext=root:system_r:clamd_t:s0
> tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
>
>
> Thanks,
> Daniel Bruno
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
