* [refpolicy] services_clamav.patch
@ 2008-09-24 20:45 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:45 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_clamav.patch
Add initrc script support
allow admin to start/stop service
Admin needs admin_pattern on all file types
Add file context for /usr/sbin/clamav-milter and /var/run, /var/log files
clamd needs to read system state
can exec shell
binds and connects to generic ports
can send mail
tcp connecs to clamd port
can read mail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjapwcACgkQrlYvE4MpobO3zgCfe20CtgQUgOKisLPelfwsDhju
SOIAoJGNJvY4CHh+Mekc/Xf4ghn/B/a9
=dxIz
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_clamav.patch
@ 2009-06-08 21:56 Daniel J Walsh
2009-07-21 14:11 ` Christopher J. PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Daniel J Walsh @ 2009-06-08 21:56 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_clamav.patch
Add files context for initrc scripts
Label clamav-milter as a clamd_exec_t
Fix labels for /var/run/clamav and clamd
Add additiona interfaces to be used by other domains.
clamscan can tcp connect to clamd port
clamscan sends mail.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_clamav.patch
2009-06-08 21:56 [refpolicy] services_clamav.patch Daniel J Walsh
@ 2009-07-21 14:11 ` Christopher J. PeBenito
0 siblings, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2009-07-21 14:11 UTC (permalink / raw)
To: refpolicy
On Mon, 2009-06-08 at 17:56 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_clamav.patch
>
> Add files context for initrc scripts
>
> Label clamav-milter as a clamd_exec_t
>
> Fix labels for /var/run/clamav and clamd
>
> Add additiona interfaces to be used by other domains.
>
> clamscan can tcp connect to clamd port
>
> clamscan sends mail.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_clamav.patch
@ 2009-11-12 21:18 Daniel J Walsh
2010-01-07 16:52 ` Christopher J. PeBenito
0 siblings, 1 reply; 7+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:18 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_clamav.patch
clamd calls getpw so needs auth_use_nsswitch
can be started via cron
reads amavis spool
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_clamav.patch
2009-11-12 21:18 Daniel J Walsh
@ 2010-01-07 16:52 ` Christopher J. PeBenito
0 siblings, 0 replies; 7+ messages in thread
From: Christopher J. PeBenito @ 2010-01-07 16:52 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-11-12 at 16:18 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_clamav.patch
>
> clamd calls getpw so needs auth_use_nsswitch
>
> can be started via cron
>
> reads amavis spool
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_clamav.patch
@ 2010-02-23 20:02 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:02 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_clamav.patch
bind_setattr_zone_dirs(initrc_t)
freshclam sends syslog messages
clamd tries to sys_tty_config, which dontaudit seems to work.
Can connect to unix processes
^ permalink raw reply [flat|nested] 7+ messages in thread
* [refpolicy] services_clamav.patch
@ 2010-08-26 21:01 Daniel J Walsh
0 siblings, 0 replies; 7+ messages in thread
From: Daniel J Walsh @ 2010-08-26 21:01 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_clamav.patch
Clamd domains need execmem
communicate with the clamd port
freshclam reads kernel data and communicates with users.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx21i0ACgkQrlYvE4MpobO+MwCfX9MJ59uQWRyxBvfO1m6u7zpL
8yEAoOGgD5oDjPloGHvasTNsSUi27qiv
=HWt5
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-08-26 21:01 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-06-08 21:56 [refpolicy] services_clamav.patch Daniel J Walsh
2009-07-21 14:11 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2010-08-26 21:01 Daniel J Walsh
2010-02-23 20:02 Daniel J Walsh
2009-11-12 21:18 Daniel J Walsh
2010-01-07 16:52 ` Christopher J. PeBenito
2008-09-24 20:45 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.