search for: clamd_var_lib_t

..._t:dir search; #============= postfix_local_t ============== allow postfix_local_t home_root_t:file { create getattr link unlink write }; allow postfix_local_t admin_home_t:dir { create read write }; allow postfix_local_t home_root_t:dir { add_name create remove_name write }; allow postfix_local_t clamd_var_lib_t:dir { add_name create remove_name \ rename setattr write read }; allow postfix_local_t clamd_var_lib_t:file { create link lock read rename \ getattr setattr unlink write }; allow postfix_local_t home_root_t:dir { rename setattr }; allow postfix_local_t self:capability { sys_nice chown }; allow po...

...see are these: audit2allow -l -a #============= amavis_t ============== allow amavis_t sysfs_t:dir read; allow amavis_t sysfs_t:file open; #============= clamscan_t ============== #!!!! The source type 'clamscan_t' can write to a 'dir' of the following types: # clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t allow clamscan_t amavis_spool_t:dir write; #============= postfix_smtp_t ============== allow postfix_smtp_t postfix_spool_maildrop_t:file open; #============= spamd_t ============== allow spamd_t etc_runtime_t:file append; Is there anything wrong with just creating a local poli...

...is ignored... # grep clam /etc/selinux/targeted/contexts/files/file_contexts /etc/clamav(/.*)? system_u:object_r:clamd_etc_t:s0 /var/run/clamd.* system_u:object_r:clamd_var_run_t:s0 /var/run/clamav.* system_u:object_r:clamd_var_run_t:s0 /var/lib/clamav(/.*)? system_u:object_r:clamd_var_lib_t:s0 /var/log/clamav(/.*)? system_u:object_r:clamd_var_log_t:s0 /var/run/amavis(d)?/clamd\.pid -- system_u:object_r:clamd_var_run_t:s0 /var/log/clamav/freshclam.* -- system_u:object_r:freshclam_var_log_t:s0 /usr/sbin/clamd -- system_u:object_r:clamd_exec_t:s0 /usr/bin/clamscan --...