[prev in list] [next in list] [prev in thread] [next in thread] 

List:       clamav-users
Subject:    [clamav-users] onaccess scanning and selinux
From:       Franky Van Liedekerke via clamav-users <clamav-users () lists ! clamav ! net>
Date:       2019-03-14 16:28:40
Message-ID: edaf191fb557ac5571ad6be6f6bd60c8 () wagner ! galaxit ! be
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


When using onaccess scanning together with selinux, it seems these
2 are not sufficient:


setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1


Onaccess scanning will still fail to initialize (at least when
launched via systemd). Currently I added this:


semanage permissive -a antivirus_t


But I presume that's in fact a little too much. There's no real doc
found at clamav concerning selinux either, so could someone shed a
light on this?


Franky

[Attachment #5 (text/html)]

<html>
<head>
<style type="text/css">
body,p,td,div,span{
	font-size:13px; font-family:Arial, Helvetica, sans-serif;
};
body p{
	margin:0px;
}
</style>
</head>
<body><div>When using onaccess scanning together with selinux, it seems these 2 are \
not sufficient:</div><div><br></div><div>setsebool -P antivirus_can_scan_system \
1</div><div>setsebool -P clamd_use_jit 1</div><div><br></div><div>Onaccess scanning \
will still fail to initialize (at least when launched via systemd). Currently I added \
this:</div><div><br></div><div>semanage permissive -a \
antivirus_t</div><div><br></div><div>But I presume that's in fact a little too much. \
There's no real doc found at clamav concerning selinux either, so could someone shed \
a light on this?</div><br><br>Franky</body></html>



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


[prev in list] [next in list] [prev in thread] [next in thread]