FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 07-27-2008, 07:24 PM
Arthur Dent
 
Default Clamd getting out of hand...

Hello All,

I have been using SELinux in enforcing mode on my F8 box for some time
now. I had to go through a bit of pain to get clamassassin working with
clamd to scan my emails but it worked OK.

This weekend I upgraded to F9 and have now had about a gazillion AVC
denials related to clamd.

I have therefore been forced to use audit2allow to add to the already
pretty cumbersome local policy I had with F8.

I list the policy below. All of the entries are as a result of some
denial and subsequent audit2allow policy generation.

My question is basically - can one of you gurus tell me if all this
stuff is still necessary? Is there a policy in the works that might
avoid all this?

Thanks in advance

AD


##########################################
# cat myclamd.te
policy_module(myclamd, 1.1.11)
require {
type clamscan_t;
type clamd_t;
class tcp_socket { write create connect };
type var_run_t;
type user_home_t;
class sock_file { write unlink create };
class file append;
type unlabeled_t;
class association recvfrom;

}

#============= clamd_t ==============
allow clamd_t var_run_t:sock_file { unlink create };
corenet_tcp_bind_generic_port(clamd_t)
userdom_read_generic_user_home_content_files(clamd _t)

#============= clamscan_t ==============
allow clamscan_t self:tcp_socket { write create connect };
allow clamscan_t user_home_t:file append;
allow clamscan_t var_run_t:sock_file write;
corenet_tcp_connect_generic_port(clamscan_t)
corenet_sendrecv_unlabeled_packets(clamscan_t)
mta_read_queue(clamscan_t)
procmail_rw_tmp_files(clamscan_t)
userdom_read_generic_user_home_content_files(clams can_t)
allow clamscan_t unlabeled_t:association recvfrom;
##########################################
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-30-2008, 03:24 PM
Daniel J Walsh
 
Default Clamd getting out of hand...

Arthur Dent wrote:
> Hello All,
>
> I have been using SELinux in enforcing mode on my F8 box for some time
> now. I had to go through a bit of pain to get clamassassin working with
> clamd to scan my emails but it worked OK.
>
> This weekend I upgraded to F9 and have now had about a gazillion AVC
> denials related to clamd.
>
> I have therefore been forced to use audit2allow to add to the already
> pretty cumbersome local policy I had with F8.
>
> I list the policy below. All of the entries are as a result of some
> denial and subsequent audit2allow policy generation.
>
> My question is basically - can one of you gurus tell me if all this
> stuff is still necessary? Is there a policy in the works that might
> avoid all this?
>
> Thanks in advance
>
> AD
>
>
> ##########################################
> # cat myclamd.te
> policy_module(myclamd, 1.1.11)
> require {
> type clamscan_t;
> type clamd_t;
> class tcp_socket { write create connect };
> type var_run_t;
> type user_home_t;
> class sock_file { write unlink create };
> class file append;
> type unlabeled_t;
> class association recvfrom;
>
> }
>
> #============= clamd_t ==============
> allow clamd_t var_run_t:sock_file { unlink create };
Looks like a labeling problem.
> corenet_tcp_bind_generic_port(clamd_t)
What port did it bind to?
> userdom_read_generic_user_home_content_files(clamd _t)
>
> #============= clamscan_t ==============
> allow clamscan_t self:tcp_socket { write create connect };
> allow clamscan_t user_home_t:file append;
Labeling?
> allow clamscan_t var_run_t:sock_file write;
> corenet_tcp_connect_generic_port(clamscan_t)
> corenet_sendrecv_unlabeled_packets(clamscan_t)
> mta_read_queue(clamscan_t)
> procmail_rw_tmp_files(clamscan_t)
> userdom_read_generic_user_home_content_files(clams can_t)
> allow clamscan_t unlabeled_t:association recvfrom;
> ##########################################
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Please attach the avc's used to create this policy?

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-30-2008, 05:29 PM
Arthur Dent
 
Default Clamd getting out of hand...

On Wed, Jul 30, 2008 at 11:24:47AM -0400, Daniel J Walsh wrote:
> Arthur Dent wrote:
> > Hello All,
> >
> > I have been using SELinux in enforcing mode on my F8 box for some time
> > now. I had to go through a bit of pain to get clamassassin working with
> > clamd to scan my emails but it worked OK.
> >
> > This weekend I upgraded to F9 and have now had about a gazillion AVC
> > denials related to clamd.
> >
> > I have therefore been forced to use audit2allow to add to the already
> > pretty cumbersome local policy I had with F8.
> >
> > I list the policy below. All of the entries are as a result of some
> > denial and subsequent audit2allow policy generation.
> >
> > My question is basically - can one of you gurus tell me if all this
> > stuff is still necessary? Is there a policy in the works that might
> > avoid all this?
> >
> > Thanks in advance
> >
> > AD
> >
> >
> > ##########################################
> > # cat myclamd.te
> > policy_module(myclamd, 1.1.11)
> > require {
> > type clamscan_t;
> > type clamd_t;
> > class tcp_socket { write create connect };
> > type var_run_t;
> > type user_home_t;
> > class sock_file { write unlink create };
> > class file append;
> > type unlabeled_t;
> > class association recvfrom;
> >
> > }
> >
> > #============= clamd_t ==============
> > allow clamd_t var_run_t:sock_file { unlink create };
> Looks like a labeling problem.

Well I did run touch /.autorelabel; reboot

> > corenet_tcp_bind_generic_port(clamd_t)
> What port did it bind to?

In case it helps I have posted my entire clamd.conf file here:
http://pastebin.com/m72927397

> > userdom_read_generic_user_home_content_files(clamd _t)
> >
> > #============= clamscan_t ==============
> > allow clamscan_t self:tcp_socket { write create connect };
> > allow clamscan_t user_home_t:file append;
> Labeling?
> > allow clamscan_t var_run_t:sock_file write;
> > corenet_tcp_connect_generic_port(clamscan_t)
> > corenet_sendrecv_unlabeled_packets(clamscan_t)
> > mta_read_queue(clamscan_t)
> > procmail_rw_tmp_files(clamscan_t)
> > userdom_read_generic_user_home_content_files(clams can_t)
> > allow clamscan_t unlabeled_t:association recvfrom;
> > ##########################################
> >
> Please attach the avc's used to create this policy?

Well I no longer have many of the older ones - much of the above was
generated when I was running F8. If it's really important I could try
to recover them from the backup archive - but that would be quite a lot
of work...

A selection of some of the 500 or so recent ones (since my upgrade
to F9) can be found here:
http://pastebin.com/m7b60d46a

My current policy (now up to version 14!) looks like this (below),
though with it in place everything now works fine. I have one other
problem (with VMWare and unrelated to this) which merits its own thread
and which I will post later.

In the meantime time, thank you very much for your help. It's much
appreciated...

AD

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-30-2008, 05:41 PM
Arthur Dent
 
Default Clamd getting out of hand...

On Wed, Jul 30, 2008 at 06:29:23PM +0100, Arthur Dent wrote:
>
> My current policy (now up to version 14!) looks like this (below),

Ooopps. Forgot to include that...

Here it is:
##########################################
# cat myclamd.te
policy_module(myclamd, 1.1.14)
require {
type clamscan_t;
type clamd_t;
class tcp_socket { write create connect };
type var_run_t;
type user_home_t;
class sock_file { write unlink create };
class file append;
type unlabeled_t;
class association recvfrom;
type procmail_log_t;

}

#============= clamd_t ==============
allow clamd_t var_run_t:sock_file { unlink create };
corenet_tcp_bind_generic_port(clamd_t)
#corenet_tcp_bind_mail_port(clamd_t)
#corenet_tcp_bind_msnp_port(clamd_t)
#corenet_tcp_bind_asterisk_port(clamd_t)
userdom_read_generic_user_home_content_files(clamd _t)

#============= clamscan_t ==============
allow clamscan_t self:tcp_socket { write create connect };
allow clamscan_t user_home_t:file append;
allow clamscan_t var_run_t:sock_file write;
corenet_tcp_connect_generic_port(clamscan_t)
corenet_sendrecv_unlabeled_packets(clamscan_t)
mta_read_queue(clamscan_t)
procmail_rw_tmp_files(clamscan_t)
userdom_read_generic_user_home_content_files(clams can_t)
allow clamscan_t unlabeled_t:association recvfrom;
sendmail_rw_pipes(clamscan_t)
allow clamscan_t procmail_log_t:file append;
##########################################

Thanks again!

AD
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-30-2008, 07:31 PM
Daniel J Walsh
 
Default Clamd getting out of hand...

Arthur Dent wrote:
> On Wed, Jul 30, 2008 at 06:29:23PM +0100, Arthur Dent wrote:
>> My current policy (now up to version 14!) looks like this (below),
>
> Ooopps. Forgot to include that...
>
> Here it is:
> ##########################################
> # cat myclamd.te
> policy_module(myclamd, 1.1.14)
> require {
> type clamscan_t;
> type clamd_t;
> class tcp_socket { write create connect };
> type var_run_t;
> type user_home_t;
> class sock_file { write unlink create };
> class file append;
> type unlabeled_t;
> class association recvfrom;
> type procmail_log_t;
>
> }
>
> #============= clamd_t ==============
> allow clamd_t var_run_t:sock_file { unlink create };
> corenet_tcp_bind_generic_port(clamd_t)
> #corenet_tcp_bind_mail_port(clamd_t)
> #corenet_tcp_bind_msnp_port(clamd_t)
> #corenet_tcp_bind_asterisk_port(clamd_t)
> userdom_read_generic_user_home_content_files(clamd _t)
>
> #============= clamscan_t ==============
> allow clamscan_t self:tcp_socket { write create connect };
> allow clamscan_t user_home_t:file append;
> allow clamscan_t var_run_t:sock_file write;
> corenet_tcp_connect_generic_port(clamscan_t)
> corenet_sendrecv_unlabeled_packets(clamscan_t)
> mta_read_queue(clamscan_t)
> procmail_rw_tmp_files(clamscan_t)
> userdom_read_generic_user_home_content_files(clams can_t)
> allow clamscan_t unlabeled_t:association recvfrom;
> sendmail_rw_pipes(clamscan_t)
> allow clamscan_t procmail_log_t:file append;
> ##########################################
>
> Thanks again!
>
> AD
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
If you change the labeling on /var/run/clamd to clamd_var_run_t

chcon -R -t clamd_var_run_t /var/run/clamd

It should eliminate a couple of allow rules on /var/run above.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-30-2008, 07:33 PM
Daniel J Walsh
 
Default Clamd getting out of hand...

Arthur Dent wrote:
> On Wed, Jul 30, 2008 at 11:24:47AM -0400, Daniel J Walsh wrote:
>> Arthur Dent wrote:
>>> Hello All,
>>>
>>> I have been using SELinux in enforcing mode on my F8 box for some time
>>> now. I had to go through a bit of pain to get clamassassin working with
>>> clamd to scan my emails but it worked OK.
>>>
>>> This weekend I upgraded to F9 and have now had about a gazillion AVC
>>> denials related to clamd.
>>>
>>> I have therefore been forced to use audit2allow to add to the already
>>> pretty cumbersome local policy I had with F8.
>>>
>>> I list the policy below. All of the entries are as a result of some
>>> denial and subsequent audit2allow policy generation.
>>>
>>> My question is basically - can one of you gurus tell me if all this
>>> stuff is still necessary? Is there a policy in the works that might
>>> avoid all this?
>>>
>>> Thanks in advance
>>>
>>> AD
>>>
>>>
>>> ##########################################
>>> # cat myclamd.te
>>> policy_module(myclamd, 1.1.11)
>>> require {
>>> type clamscan_t;
>>> type clamd_t;
>>> class tcp_socket { write create connect };
>>> type var_run_t;
>>> type user_home_t;
>>> class sock_file { write unlink create };
>>> class file append;
>>> type unlabeled_t;
>>> class association recvfrom;
>>>
>>> }
>>>
>>> #============= clamd_t ==============
>>> allow clamd_t var_run_t:sock_file { unlink create };
>> Looks like a labeling problem.
>
> Well I did run touch /.autorelabel; reboot
>
>>> corenet_tcp_bind_generic_port(clamd_t)
>> What port did it bind to?
>
> In case it helps I have posted my entire clamd.conf file here:
> http://pastebin.com/m72927397
>
>>> userdom_read_generic_user_home_content_files(clamd _t)
>>>
>>> #============= clamscan_t ==============
>>> allow clamscan_t self:tcp_socket { write create connect };
>>> allow clamscan_t user_home_t:file append;
>> Labeling?
>>> allow clamscan_t var_run_t:sock_file write;
>>> corenet_tcp_connect_generic_port(clamscan_t)
>>> corenet_sendrecv_unlabeled_packets(clamscan_t)
>>> mta_read_queue(clamscan_t)
>>> procmail_rw_tmp_files(clamscan_t)
>>> userdom_read_generic_user_home_content_files(clams can_t)
>>> allow clamscan_t unlabeled_t:association recvfrom;
>>> ##########################################
>>>
>> Please attach the avc's used to create this policy?
>
> Well I no longer have many of the older ones - much of the above was
> generated when I was running F8. If it's really important I could try
> to recover them from the backup archive - but that would be quite a lot
> of work...
>
> A selection of some of the 500 or so recent ones (since my upgrade
> to F9) can be found here:
> http://pastebin.com/m7b60d46a
>
> My current policy (now up to version 14!) looks like this (below),
> though with it in place everything now works fine. I have one other
> problem (with VMWare and unrelated to this) which merits its own thread
> and which I will post later.
>
> In the meantime time, thank you very much for your help. It's much
> appreciated...
>
> AD
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
But do you have the original avc messages used to generate the policy.
I want to see if we are missing transitions? What port is it
communicating with etc.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 08-06-2008, 09:48 AM
Arthur Dent
 
Default Clamd getting out of hand...

On Wed, Jul 30, 2008 at 03:33:14PM -0400, Daniel J Walsh wrote:


> But do you have the original avc messages used to generate the policy.
> I want to see if we are missing transitions? What port is it
> communicating with etc.

Apologies for the slow response. RL gets in the way sometimes...

To recap:

My mail chain is as follows:

fetchmail -> procmail
|
-> clamassassin -> spamassassin -> dovecot -> MUA
|
-> clamdscan
|
-> clamd

I had made several home-made policies to allow clamd to work under F8.
Following an upgrade to F9 I get a whole load more avc denials and have
had to add a bunch of policies to get it to work.

With SEL in enforcing mode (I know I should have set it to permissive
until I had sorted this out but I though each problem would be the
last..) the recent denials fell into 3 types:

sending denials
receiving denial
write to pipe denials

I got several hundred sending denials until I wrote a policy with
audit2allow then I got sever hundred receiving denials until I fixed
that and finally a ton of write-to pipe. If you look at the collection
of raw audit messages (just a sample) that I posted here

http://pastebin.com/m7b60d46a

you will see that almost every part of the mail chain seems to be
affected.

Finding the original avc messages from my F8 install would be hard work,
but I have included 3 (one of each type) from the F9 upgrade. You can
see them here:

http://pastebin.com/m1fc5a466

If you want others (as referred to in the raw avcs) just let me know.

So, clamd settings can be seen here (entire clamd.conf file) :
http://pastebin.com/m72927397
A selection of raw avc messages can be seen here:
http://pastebin.com/m7b60d46a
And 3 of the entire avc messages here:
http://pastebin.com/m1fc5a466


I really do thank you for your help...

AD


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 08-06-2008, 01:34 PM
Daniel J Walsh
 
Default Clamd getting out of hand...

Arthur Dent wrote:
> On Wed, Jul 30, 2008 at 03:33:14PM -0400, Daniel J Walsh wrote:
>
>
>> But do you have the original avc messages used to generate the policy.
>> I want to see if we are missing transitions? What port is it
>> communicating with etc.
>
> Apologies for the slow response. RL gets in the way sometimes...
>
> To recap:
>
> My mail chain is as follows:
>
> fetchmail -> procmail
> |
> -> clamassassin -> spamassassin -> dovecot -> MUA
> |
> -> clamdscan
> |
> -> clamd
>
> I had made several home-made policies to allow clamd to work under F8.
> Following an upgrade to F9 I get a whole load more avc denials and have
> had to add a bunch of policies to get it to work.
>
> With SEL in enforcing mode (I know I should have set it to permissive
> until I had sorted this out but I though each problem would be the
> last..) the recent denials fell into 3 types:
>
> sending denials
> receiving denial
> write to pipe denials
>
> I got several hundred sending denials until I wrote a policy with
> audit2allow then I got sever hundred receiving denials until I fixed
> that and finally a ton of write-to pipe. If you look at the collection
> of raw audit messages (just a sample) that I posted here
>
> http://pastebin.com/m7b60d46a
>
> you will see that almost every part of the mail chain seems to be
> affected.
>
> Finding the original avc messages from my F8 install would be hard work,
> but I have included 3 (one of each type) from the F9 upgrade. You can
> see them here:
>
> http://pastebin.com/m1fc5a466
>
> If you want others (as referred to in the raw avcs) just let me know.
>
> So, clamd settings can be seen here (entire clamd.conf file) :
> http://pastebin.com/m72927397
> A selection of raw avc messages can be seen here:
> http://pastebin.com/m7b60d46a
> And 3 of the entire avc messages here:
> http://pastebin.com/m1fc5a466
>
>
> I really do thank you for your help...
>
> AD
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Adding the following policy to clamscan

mta_send_mail(clamscan_t)
corenet_all_recvfrom_unlabeled(clamscan_t)
corenet_all_recvfrom_netlabel(clamscan_t)
corenet_tcp_sendrecv_all_if(clamscan_t)
corenet_tcp_sendrecv_all_nodes(clamscan_t)
corenet_tcp_sendrecv_all_ports(clamscan_t)
corenet_tcp_sendrecv_clamd_port(clamscan_t)
corenet_tcp_connect_clamd_port(clamscan_t)

Shoudl fix.

Updated in selinux-policy-3.3.1-85.fc9

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 08-12-2008, 04:47 PM
Arthur Dent
 
Default Clamd getting out of hand...

On Wed, Aug 06, 2008 at 09:34:03AM -0400, Daniel J Walsh wrote:
> Arthur Dent wrote:
> > On Wed, Jul 30, 2008 at 03:33:14PM -0400, Daniel J Walsh wrote:


> Adding the following policy to clamscan
>
> mta_send_mail(clamscan_t)
> corenet_all_recvfrom_unlabeled(clamscan_t)
> corenet_all_recvfrom_netlabel(clamscan_t)
> corenet_tcp_sendrecv_all_if(clamscan_t)
> corenet_tcp_sendrecv_all_nodes(clamscan_t)
> corenet_tcp_sendrecv_all_ports(clamscan_t)
> corenet_tcp_sendrecv_clamd_port(clamscan_t)
> corenet_tcp_connect_clamd_port(clamscan_t)
>
> Shoudl fix.
>
> Updated in selinux-policy-3.3.1-85.fc9

Hi Daniel,

Thank you very much for taking the time to help me on this.

This is the first chance I've had to test your policy. With setenforce
set to 0 and just the above lines in my clamd policy I got 11 (eleven)
AVC denials for the first inbound email.

I have put all 11 AVCs (full) here:

http://pastebin.com/m3126be9d


Running audit2allow on those says I should also have the following
policies:

require {
type clamscan_t;
type procmail_log_t;
type clamd_t;
class tcp_socket { write create connect };
class file append;
}
require {
type clamscan_t;
type procmail_log_t;
type clamd_t;
class tcp_socket { write create connect };
class file append;
}

#============= clamd_t ==============
corenet_tcp_bind_generic_port(clamd_t)

#============= clamscan_t ==============
allow clamscan_t procmail_log_t:file append;
allow clamscan_t self:tcp_socket { write create connect };
corenet_tcp_connect_generic_port(clamscan_t)
mta_read_queue(clamscan_t)
procmail_rw_tmp_files(clamscan_t)

What do you think?

Thanks again...

AD

p.s.

On Fri Aug 08 yum updated my system with selinux-policy-3.3.1-82.fc9.noarch.
You say that much of the above is in 3.3.1-85. Typically how long is the
gap between you releasing the policy and it getting into the repos for
we mortals?


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 08-12-2008, 07:31 PM
Daniel J Walsh
 
Default Clamd getting out of hand...

Arthur Dent wrote:
> On Wed, Aug 06, 2008 at 09:34:03AM -0400, Daniel J Walsh wrote:
>> Arthur Dent wrote:
>>> On Wed, Jul 30, 2008 at 03:33:14PM -0400, Daniel J Walsh wrote:
>
>
>> Adding the following policy to clamscan
>>
>> mta_send_mail(clamscan_t)
>> corenet_all_recvfrom_unlabeled(clamscan_t)
>> corenet_all_recvfrom_netlabel(clamscan_t)
>> corenet_tcp_sendrecv_all_if(clamscan_t)
>> corenet_tcp_sendrecv_all_nodes(clamscan_t)
>> corenet_tcp_sendrecv_all_ports(clamscan_t)
>> corenet_tcp_sendrecv_clamd_port(clamscan_t)
>> corenet_tcp_connect_clamd_port(clamscan_t)
>>
>> Shoudl fix.
>>
>> Updated in selinux-policy-3.3.1-85.fc9
>
> Hi Daniel,
>
> Thank you very much for taking the time to help me on this.
>
> This is the first chance I've had to test your policy. With setenforce
> set to 0 and just the above lines in my clamd policy I got 11 (eleven)
> AVC denials for the first inbound email.
>
> I have put all 11 AVCs (full) here:
>
> http://pastebin.com/m3126be9d
>
>
> Running audit2allow on those says I should also have the following
> policies:
>
> require {
> type clamscan_t;
> type procmail_log_t;
> type clamd_t;
> class tcp_socket { write create connect };
> class file append;
> }
> require {
> type clamscan_t;
> type procmail_log_t;
> type clamd_t;
> class tcp_socket { write create connect };
> class file append;
> }
>
> #============= clamd_t ==============
> corenet_tcp_bind_generic_port(clamd_t)
>
What port is it binding do?
> #============= clamscan_t ==============
> allow clamscan_t procmail_log_t:file append;
Sounds ok
> allow clamscan_t self:tcp_socket { write create connect };
allow clamscan_t self:tcp_socket create_stream_socket_perms;
> corenet_tcp_connect_generic_port(clamscan_t)
What port is it connecting to?
> mta_read_queue(clamscan_t)
> procmail_rw_tmp_files(clamscan_t)
Ok
>
> What do you think?
>
> Thanks again...
>
> AD
>
> p.s.
>
> On Fri Aug 08 yum updated my system with selinux-policy-3.3.1-82.fc9.noarch.
> You say that much of the above is in 3.3.1-85. Typically how long is the
> gap between you releasing the policy and it getting into the repos for
> we mortals?
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 09:34 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org