From mboxrd@z Thu Jan 1 00:00:00 1970 From: qingtao.cao@windriver.com (Harry Ciao) Date: Thu, 1 Mar 2012 18:35:58 +0800 Subject: [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface. In-Reply-To: <1330597659-30214-1-git-send-email-qingtao.cao@windriver.com> References: <1330597659-30214-1-git-send-email-qingtao.cao@windriver.com> Message-ID: <4F4F510E.1040504@windriver.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com When the mta.pp is linked and expanded along with other modules, the is_id_enabled function will throw out warning that "clamav_log_t" is out-of-scoped (after I adding some printf before it returns 0). Turns out this symbol is required by the clamav_append_log interface which in turn is called by mte.pp. clamav.te only defines one type for the log files, clamd_var_log_t, which I guess should have been required in the clamav_append_log interface. Otherwise the whole below optional block won't be properly enabled: optional_policy(` clamav_stream_connect(system_mail_t) clamav_append_log(system_mail_t) ') Which could be surprising if people were wondering why the call of clamav_stream_connect(system_mail_t) had not worked as expected. Thanks, Harry On 03/01/2012 06:27 PM, Harry Ciao wrote: > The label of clamd's log files is clamd_var_log_t instead of > clamav_log_t, which in fact has not been defined by clamav.pp. If such > un-decleared symbol is required by the clamav_append_log interface, the > whole optional block that calls this interface would not be enabled as > expected. > > Signed-off-by: Harry Ciao > --- > clamav.if | 6 +++--- > 1 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/clamav.if b/clamav.if > index 1f11572..bbac14a 100644 > --- a/clamav.if > +++ b/clamav.if > @@ -49,12 +49,12 @@ interface(`clamav_stream_connect',` > # > interface(`clamav_append_log',` > gen_require(` > - type clamav_log_t; > + type clamd_var_log_t; > ') > > logging_search_logs($1) > - allow $1 clamav_log_t:dir list_dir_perms; > - append_files_pattern($1, clamav_log_t, clamav_log_t) > + allow $1 clamd_var_log_t:dir list_dir_perms; > + append_files_pattern($1, clamd_var_log_t, clamd_var_log_t) > ') > > ########################################