these changes have been made to system files: /etc/clamav.conf: +LogFile /var/log/clamd.log +PidFile /var/run/clamd.pid +LocalSocket /var/run/clamd /etc/freshclam.conf: +UpdateLogFile /var/log/freshclam.log tunable.te: +# uncoment this if you want staff_t and user_t to use clamdscan +# ( highly unrecommended ! ) +define(`clamd_overseer') global_macros.te: #can_exec_any(domain) [..] ifdef(`ssh.te',`can_exec($1, ssh_exec_t)') +ifdef(`clamav.te',`can_exec($1, clamav_exec_t)') pls don't tell Method yet. I have to look over this tomorrow if I get a chance. peter
Created attachment 37969 [details] file_contexts
Created attachment 37970 [details] type enforcement
Created attachment 37971 [details] clamav_macro.te
Created attachment 38033 [details] clamav.fc
Created attachment 38034 [details] clamav.te
Created attachment 38035 [details] clamav_macros.te
tunable.te should read +# uncoment this if you want clamd_t to be able to read user_home_t, +# staff_home_t and sysadm_home_t files (this is used by clamdscan) +# ( highly unrecommended ! ) +#define(`clamd_overseer')
for maximum coverage: macros/base_user_macros.te: +ifdef(`clamav.te', `clamav_userdomain($1)')
in CVS