Add some SELinux notes from (#787434)

2018-07-29 06:59:45 +01:00 · 2018-07-29 06:59:45 +01:00 · 8ee8f4650d
commit 8ee8f4650d
parent 97c2b729d7
1 changed files with 16 additions and 1 deletions
--- a/17
+++ b/17
@ -50,10 +50,25 @@ so that the socket can be accessed by clamd and by the applications
 using clamd. Make sure that the socket is not world accessible; else,
 DOS attacks or worse are trivial.

+After emulating these steps by hand (or else rebooting), you still need set
+SELinux:
+
+ chcon -t clamd_var_run_t /var/run/clamd.<SERVICE>
+or
+ restorecon -R -v "/var/run/clamd.<SERVICE>"
+
+More SELinux notes:
+you may need run:
+
+ setsebool -P antivirus_can_scan_system 1
+
+and also maybe this one (I need to confirm that is obsolete)
+
+ setsebool -P antivirus_use_jit 1

 [Disclaimer:
 this file and the script/configfiles are not part of the official
 clamav package.

 Please send complaints and comments to
- mailto:enrico.scholz@informatik.tu-chemnitz.de!]
+ https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav]