* [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
@ 2012-03-01 10:27 Harry Ciao
2012-03-01 10:35 ` Harry Ciao
2012-03-06 14:00 ` Christopher J. PeBenito
0 siblings, 2 replies; 3+ messages in thread
From: Harry Ciao @ 2012-03-01 10:27 UTC (permalink / raw)
To: refpolicy
The label of clamd's log files is clamd_var_log_t instead of
clamav_log_t, which in fact has not been defined by clamav.pp. If such
un-decleared symbol is required by the clamav_append_log interface, the
whole optional block that calls this interface would not be enabled as
expected.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
---
clamav.if | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/clamav.if b/clamav.if
index 1f11572..bbac14a 100644
--- a/clamav.if
+++ b/clamav.if
@@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
#
interface(`clamav_append_log',`
gen_require(`
- type clamav_log_t;
+ type clamd_var_log_t;
')
logging_search_logs($1)
- allow $1 clamav_log_t:dir list_dir_perms;
- append_files_pattern($1, clamav_log_t, clamav_log_t)
+ allow $1 clamd_var_log_t:dir list_dir_perms;
+ append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
')
########################################
--
1.7.0.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
2012-03-01 10:27 [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface Harry Ciao
@ 2012-03-01 10:35 ` Harry Ciao
2012-03-06 14:00 ` Christopher J. PeBenito
1 sibling, 0 replies; 3+ messages in thread
From: Harry Ciao @ 2012-03-01 10:35 UTC (permalink / raw)
To: refpolicy
When the mta.pp is linked and expanded along with other modules, the
is_id_enabled function will throw out warning that "clamav_log_t" is
out-of-scoped (after I adding some printf before it returns 0). Turns
out this symbol is required by the clamav_append_log interface which in
turn is called by mte.pp.
clamav.te only defines one type for the log files, clamd_var_log_t,
which I guess should have been required in the clamav_append_log
interface. Otherwise the whole below optional block won't be properly
enabled:
optional_policy(`
clamav_stream_connect(system_mail_t)
clamav_append_log(system_mail_t)
')
Which could be surprising if people were wondering why the call of
clamav_stream_connect(system_mail_t) had not worked as expected.
Thanks,
Harry
On 03/01/2012 06:27 PM, Harry Ciao wrote:
> The label of clamd's log files is clamd_var_log_t instead of
> clamav_log_t, which in fact has not been defined by clamav.pp. If such
> un-decleared symbol is required by the clamav_append_log interface, the
> whole optional block that calls this interface would not be enabled as
> expected.
>
> Signed-off-by: Harry Ciao<qingtao.cao@windriver.com>
> ---
> clamav.if | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/clamav.if b/clamav.if
> index 1f11572..bbac14a 100644
> --- a/clamav.if
> +++ b/clamav.if
> @@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
> #
> interface(`clamav_append_log',`
> gen_require(`
> - type clamav_log_t;
> + type clamd_var_log_t;
> ')
>
> logging_search_logs($1)
> - allow $1 clamav_log_t:dir list_dir_perms;
> - append_files_pattern($1, clamav_log_t, clamav_log_t)
> + allow $1 clamd_var_log_t:dir list_dir_perms;
> + append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
> ')
>
> ########################################
^ permalink raw reply [flat|nested] 3+ messages in thread* [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
2012-03-01 10:27 [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface Harry Ciao
2012-03-01 10:35 ` Harry Ciao
@ 2012-03-06 14:00 ` Christopher J. PeBenito
1 sibling, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2012-03-06 14:00 UTC (permalink / raw)
To: refpolicy
On 03/01/12 05:27, Harry Ciao wrote:
> The label of clamd's log files is clamd_var_log_t instead of
> clamav_log_t, which in fact has not been defined by clamav.pp. If such
> un-decleared symbol is required by the clamav_append_log interface, the
> whole optional block that calls this interface would not be enabled as
> expected.
Merged.
> Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
> ---
> clamav.if | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/clamav.if b/clamav.if
> index 1f11572..bbac14a 100644
> --- a/clamav.if
> +++ b/clamav.if
> @@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
> #
> interface(`clamav_append_log',`
> gen_require(`
> - type clamav_log_t;
> + type clamd_var_log_t;
> ')
>
> logging_search_logs($1)
> - allow $1 clamav_log_t:dir list_dir_perms;
> - append_files_pattern($1, clamav_log_t, clamav_log_t)
> + allow $1 clamd_var_log_t:dir list_dir_perms;
> + append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
> ')
>
> ########################################
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-03-06 14:00 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-01 10:27 [refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface Harry Ciao
2012-03-01 10:35 ` Harry Ciao
2012-03-06 14:00 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.