--On Tuesday, June 09, 2009 10:15 AM -0500 Stephen L Johnson <[email protected]> wrote:

If I understand your question, you can run the clamd process as the
'defang' user. It's easy enough for me because I maintain my own
customized (for my site) ClamAV rpm package. Another option is to add
the users the processes (clamd, spamd, etc) run under to the 'defang'
group and change permissions on the MD directory to allow the proper
access.

I'll give that a try, but SELinux doesn't work by owner/mode permissions. Instead, you "label" files and programs (using the chcon utility). The machine has a policy comprising a list of triplets: program/action/object. For a program (e.g. clamd/mimedefang) to apply an action (e.g. read file) to an object (e.g. the directories and files in MD's path), a matching triplet must be in the policy. (The policy is a binary object in the kernel, compiled from a text description.)

So there has to be a suitable policy (packages can load sub-policies) and the files they access have to be labeled accordingly.

You can use "ls -Z" to see the labels on files.


_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
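
When the policy has no triplet matching an access, the kernel logs an AVC denial naming the program's type, the action and the object's label (the label "ls -Z" shows). As an added example that is not part of the original thread, this script reduces such records to the missing triplets; the log lines are constructed samples, and the type names and file names in them are assumptions.

```shell
#!/bin/sh
# Added example: reduce SELinux AVC denials to the missing
# (program type, action, object type:class) triplets.

# Constructed audit records; PIDs, names and types are illustrative assumptions.
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1244560500.101:201): avc:  denied  { read } for  pid=2345 comm="clamd" name="msg.example" dev=dm-0 ino=4711 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=file
type=AVC msg=audit(1244560500.102:202): avc:  denied  { search } for  pid=2345 comm="clamd" name="workdir.example" dev=dm-0 ino=4700 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
type=AVC msg=audit(1244560501.001:203): avc:  denied  { read } for  pid=2345 comm="clamd" name="msg2.example" dev=dm-0 ino=4712 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1244560501.001:203): arch=c000003e syscall=2 success=no exit=-13 comm="clamd"
type=AVC msg=audit(1244560502.000:204): avc:  denied  { read getattr } for  pid=2400 comm="spamd" name="msg.example" dev=dm-0 ino=4711 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=file
type=AVC msg=audit(1244560503.000:205): avc:  granted  { read } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

# Read audit records on stdin, print one unique triplet per line.
missing_triplets() {
    awk '
    /avc:/ && / denied / {
        src = ""; tgt = ""; cls = ""
        # The denied permissions sit between the braces, e.g. "{ read getattr }".
        lb = index($0, "{"); rb = index($0, "}")
        if (lb == 0 || rb < lb) next
        n = split(substr($0, lb + 1, rb - lb - 1), perm, " ")
        # A context is user:role:type:level; the type is the third field.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next
        for (i = 1; i <= n; i++) print src, perm[i], tgt ":" cls
    }' | LC_ALL=C sort -u
}

sample_avc_log | missing_triplets
```

Each output line is a triplet that must either be allowed by policy or made unnecessary by relabeling the object to a type the program may already access.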
