* [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
@ 2012-03-01 10:27 Harry Ciao
  2012-03-01 10:35 ` Harry Ciao
  2012-03-06 14:00 ` Christopher J. PeBenito
  0 siblings, 2 replies; 3+ messages in thread
From: Harry Ciao @ 2012-03-01 10:27 UTC (permalink / raw)
  To: refpolicy

The label of clamd's log files is clamd_var_log_t instead of
clamav_log_t, which in fact has not been defined by clamav.pp. If such
an undeclared symbol is required by the clamav_append_log interface, the
whole optional block that calls this interface would not be enabled as
expected.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
---
 clamav.if |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/clamav.if b/clamav.if
index 1f11572..bbac14a 100644
--- a/clamav.if
+++ b/clamav.if
@@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
 #
 interface(`clamav_append_log',`
 	gen_require(`
-		type clamav_log_t;
+		type clamd_var_log_t;
 	')
 
 	logging_search_logs($1)
-	allow $1 clamav_log_t:dir list_dir_perms;
-	append_files_pattern($1, clamav_log_t, clamav_log_t)
+	allow $1 clamd_var_log_t:dir list_dir_perms;
+	append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
 ')
 
 ########################################
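Review bot: The commit message should name at least one caller whose optional block was being dropped, because the gen_require on clamav_log_t in clamav_append_log disabled every optional block that calls this interface and the log as written gives no way to check what starts working after the fix. The hunk itself is consistent: the gen_require, the allow on :dir and append_files_pattern all name clamd_var_log_t now. It is also worth grepping the rest of clamav.if for any remaining clamav_log_t, since another interface requiring it would fail in the same way.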
-- 
1.7.0.4


* [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
  2012-03-01 10:27 [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface Harry Ciao
@ 2012-03-01 10:35 ` Harry Ciao
  2012-03-06 14:00 ` Christopher J. PeBenito
  1 sibling, 0 replies; 3+ messages in thread
From: Harry Ciao @ 2012-03-01 10:35 UTC (permalink / raw)
  To: refpolicy

When the mta.pp is linked and expanded along with other modules, the
is_id_enabled function will throw out a warning that "clamav_log_t" is
out of scope (after I added some printf calls before it returns 0). Turns
out this symbol is required by the clamav_append_log interface which in
turn is called by mta.pp.

clamav.te only defines one type for the log files, clamd_var_log_t, 
which I guess should have been required in the clamav_append_log 
interface. Otherwise the whole optional block below won't be properly
enabled:

optional_policy(`
         clamav_stream_connect(system_mail_t)
         clamav_append_log(system_mail_t)
')

Which could be surprising if people were wondering why the call of 
clamav_stream_connect(system_mail_t) had not worked as expected.

Thanks,
Harry

On 03/01/2012 06:27 PM, Harry Ciao wrote:
> The label of clamd's log files is clamd_var_log_t instead of
> clamav_log_t, which in fact has not been defined by clamav.pp. If such
> an undeclared symbol is required by the clamav_append_log interface, the
> whole optional block that calls this interface would not be enabled as
> expected.
>
> Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
> ---
>   clamav.if |    6 +++---
>   1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/clamav.if b/clamav.if
> index 1f11572..bbac14a 100644
> --- a/clamav.if
> +++ b/clamav.if
> @@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
>   #
>   interface(`clamav_append_log',`
>   	gen_require(`
> -		type clamav_log_t;
> +		type clamd_var_log_t;
>   	')
>
>   	logging_search_logs($1)
> -	allow $1 clamav_log_t:dir list_dir_perms;
> -	append_files_pattern($1, clamav_log_t, clamav_log_t)
> +	allow $1 clamd_var_log_t:dir list_dir_perms;
> +	append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
>   ')
>
>   ########################################

^ permalink raw reply	[flat|nested] 3+ messages in thread
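
The failure described in the message above (an interface requiring a type its module never declares, which disables the caller's whole optional block) can be caught before linking with a lint like the following. This is an added example, not part of the original thread or of refpolicy; the function names and the sample policy text are constructed, and it assumes an interface's required types are declared by plain type statements in the same module's .te file.

```python
import re
# Constructed sample modelled on the thread: only clamd_var_log_t is declared.
SAMPLE_TE = """
type clamd_var_log_t;
logging_log_file(clamd_var_log_t)
"""
SAMPLE_IF_BEFORE = """
interface(`clamav_append_log',`
    gen_require(`
        type clamav_log_t;
    ')
    logging_search_logs($1)
    allow $1 clamav_log_t:dir list_dir_perms;
    append_files_pattern($1, clamav_log_t, clamav_log_t)
')
"""
SAMPLE_IF_AFTER = SAMPLE_IF_BEFORE.replace("clamav_log_t", "clamd_var_log_t")

IFACE_RE = re.compile(r"^(?:interface|template)\(`(\w+)'", re.M)
REQUIRE_RE = re.compile(r"gen_require\(`(.*?)'\)", re.S)
TYPE_STMT_RE = re.compile(r"^\s*type\s+([^;]+);", re.M)

def declared_types(te_text):
    """Types declared in a .te file; in 'type a, attr;' only 'a' is a type."""
    return {re.split(r"[\s,]+", stmt.strip())[0]
            for stmt in TYPE_STMT_RE.findall(te_text)}

def required_types(if_text):
    """Map each interface name to the types named in its gen_require blocks."""
    starts = [(m.start(), m.group(1)) for m in IFACE_RE.finditer(if_text)]
    result = {}
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(if_text)
        types = set()
        for block in REQUIRE_RE.findall(if_text[pos:end]):
            for stmt in TYPE_STMT_RE.findall(block):
                types.update(t for t in re.split(r"[\s,]+", stmt.strip()) if t)
        result[name] = types
    return result

def unresolved_requires(if_text, te_text):
    """Interfaces whose gen_require names a type the module never declares."""
    declared = declared_types(te_text)
    missing = {n: sorted(t - declared) for n, t in required_types(if_text).items()}
    return {n: m for n, m in missing.items() if m}

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_IF_BEFORE), ("after", SAMPLE_IF_AFTER)):
        print(label, unresolved_requires(text, SAMPLE_TE))
```

Type aliases and types declared through templates are not tracked, so a hit from this check is a prompt to look at the module, not proof of a broken interface.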

* [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
  2012-03-01 10:27 [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface Harry Ciao
  2012-03-01 10:35 ` Harry Ciao
@ 2012-03-06 14:00 ` Christopher J. PeBenito
  1 sibling, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2012-03-06 14:00 UTC (permalink / raw)
  To: refpolicy

On 03/01/12 05:27, Harry Ciao wrote:
> The label of clamd's log files is clamd_var_log_t instead of
> clamav_log_t, which in fact has not been defined by clamav.pp. If such
> an undeclared symbol is required by the clamav_append_log interface, the
> whole optional block that calls this interface would not be enabled as
> expected.

Merged.

> Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
> ---
>  clamav.if |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/clamav.if b/clamav.if
> index 1f11572..bbac14a 100644
> --- a/clamav.if
> +++ b/clamav.if
> @@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
>  #
>  interface(`clamav_append_log',`
>  	gen_require(`
> -		type clamav_log_t;
> +		type clamd_var_log_t;
>  	')
>  
>  	logging_search_logs($1)
> -	allow $1 clamav_log_t:dir list_dir_perms;
> -	append_files_pattern($1, clamav_log_t, clamav_log_t)
> +	allow $1 clamd_var_log_t:dir list_dir_perms;
> +	append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
>  ')
>  
>  ########################################
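
Review bot: The line "allow $1 clamd_var_log_t:dir list_dir_perms;" carried into the new version lets callers of an append-only interface list the clamd log directory, which is more than appending to a log file needs. Because this fix is what makes the interface's rules take effect for callers whose optional block was previously not enabled, it is a good point to confirm whether any caller depends on listing, and if none does, to drop the line or narrow it to search_dir_perms in a follow-up.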


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
