61298 – clamav policy files

Bug 61298 - clamav policy files

Summary: clamav policy files

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	petre rodan (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-08-22 14:51 UTC by petre rodan (RETIRED)
Modified:	2004-10-15 23:59 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
file_contexts (clamav.fc,878 bytes, text/plain) 2004-08-22 14:52 UTC, petre rodan (RETIRED)	Details
type enforcement (clamav.te,1.72 KB, text/plain) 2004-08-22 14:52 UTC, petre rodan (RETIRED)	Details
clamav_macro.te (clamav_macros.te,3.58 KB, text/plain) 2004-08-22 14:53 UTC, petre rodan (RETIRED)	Details
clamav.fc (clamav.fc,874 bytes, text/plain) 2004-08-23 10:48 UTC, petre rodan (RETIRED)	Details
clamav.te (clamav.te,1.43 KB, text/plain) 2004-08-23 10:49 UTC, petre rodan (RETIRED)	Details
clamav_macros.te (clamav_macros.te,3.46 KB, text/plain) 2004-08-23 10:49 UTC, petre rodan (RETIRED)	Details
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description petre rodan (RETIRED) gentoo-dev

2004-08-22 14:51:45 UTC

these changes have been made to system files:

/etc/clamav.conf:
+LogFile /var/log/clamd.log
+PidFile /var/run/clamd.pid
+LocalSocket /var/run/clamd

/etc/freshclam.conf:
+UpdateLogFile /var/log/freshclam.log

tunable.te:
+# uncoment this if you want staff_t and user_t to use clamdscan
+# ( highly unrecommended ! )
+define(`clamd_overseer')

global_macros.te:
#can_exec_any(domain)
[..]
ifdef(`ssh.te',`can_exec($1, ssh_exec_t)')
+ifdef(`clamav.te',`can_exec($1, clamav_exec_t)')

pls don't tell Method yet. I have to look over this tomorrow if I get a chance.

peter

Comment 1 petre rodan (RETIRED) gentoo-dev

2004-08-22 14:52:13 UTC

Created attachment 37969 [details]
file_contexts

Comment 2 petre rodan (RETIRED) gentoo-dev

2004-08-22 14:52:38 UTC

Created attachment 37970 [details]
type enforcement

Comment 3 petre rodan (RETIRED) gentoo-dev

2004-08-22 14:53:45 UTC

Created attachment 37971 [details]
clamav_macro.te

Comment 4 petre rodan (RETIRED) gentoo-dev

2004-08-23 10:48:41 UTC

Created attachment 38033 [details]
clamav.fc

Comment 5 petre rodan (RETIRED) gentoo-dev

2004-08-23 10:49:04 UTC

Created attachment 38034 [details]
clamav.te

Comment 6 petre rodan (RETIRED) gentoo-dev

2004-08-23 10:49:56 UTC

Created attachment 38035 [details]
clamav_macros.te

Comment 7 petre rodan (RETIRED) gentoo-dev

2004-08-23 10:52:33 UTC

tunable.te should read

+# uncoment this if you want clamd_t to be able to read user_home_t,
+# staff_home_t and sysadm_home_t files (this is used by clamdscan)
+# ( highly unrecommended ! )
+#define(`clamd_overseer')

Comment 8 petre rodan (RETIRED) gentoo-dev

2004-08-23 11:09:17 UTC

for maximum coverage:

macros/base_user_macros.te:
+ifdef(`clamav.te', `clamav_userdomain($1)')

Comment 9 petre rodan (RETIRED) gentoo-dev

2004-10-15 23:59:46 UTC

in CVS