[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: [clamav-users] onaccess scanning and selinux
From: Franky Van Liedekerke via clamav-users <clamav-users () lists ! clamav ! net>
Date: 2019-03-14 16:28:40
Message-ID: edaf191fb557ac5571ad6be6f6bd60c8 () wagner ! galaxit ! be
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
When using onaccess scanning together with selinux, it seems these
2 are not sufficient:
setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1
Onaccess scanning will still fail to initialize (at least when
launched via systemd). Currently I added this:
semanage permissive -a antivirus_t
But I presume that's in fact a little too much. There's no real doc
found at clamav concerning selinux either, so could someone shed a
light on this?
Franky
[Attachment #5 (text/html)]
<html>
<head>
<style type="text/css">
body,p,td,div,span{
font-size:13px; font-family:Arial, Helvetica, sans-serif;
};
body p{
margin:0px;
}
</style>
</head>
<body><div>When using onaccess scanning together with selinux, it seems these 2 are \
not sufficient:</div><div><br></div><div>setsebool -P antivirus_can_scan_system \
1</div><div>setsebool -P clamd_use_jit 1</div><div><br></div><div>Onaccess scanning \
will still fail to initialize (at least when launched via systemd). Currently I added \
this:</div><div><br></div><div>semanage permissive -a \
antivirus_t</div><div><br></div><div>But I presume that's in fact a little too much. \
There's no real doc found at clamav concerning selinux either, so could someone shed \
a light on this?</div><br><br>Franky</body></html>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic