Fix JIT usage for freshclam.
http://marc.info/?l=selinux&m=127893898208934&w=2
This commit is contained in:
parent
48c3c37cf2
commit
29f3bfa464
@ -1,3 +1,4 @@
|
||||
- Add JIT usage for freshclam.
|
||||
- Remove ethereal module since the application was renamed to wireshark.
|
||||
- Remove duplicate/redundant rules, from Russell Coker.
|
||||
- Increased default number of categories to 1024, from Russell Coker.
|
||||
|
@ -1,4 +1,4 @@
|
||||
policy_module(clamav, 1.8.0)
|
||||
policy_module(clamav, 1.8.1)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
@ -145,6 +145,12 @@ optional_policy(`
|
||||
exim_read_spool_files(clamd_t)
|
||||
')
|
||||
|
||||
tunable_policy(`clamd_use_jit',`
|
||||
allow clamd_t self:process execmem;
|
||||
', `
|
||||
dontaudit clamd_t self:process execmem;
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# Freshclam local policy
|
||||
@ -205,6 +211,12 @@ optional_policy(`
|
||||
cron_system_entry(freshclam_t, freshclam_exec_t)
|
||||
')
|
||||
|
||||
tunable_policy(`clamd_use_jit',`
|
||||
allow freshclam_t self:process execmem;
|
||||
', `
|
||||
dontaudit freshclam_t self:process execmem;
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# clamscam local policy
|
||||
@ -254,12 +266,6 @@ clamav_stream_connect(clamscan_t)
|
||||
|
||||
mta_send_mail(clamscan_t)
|
||||
|
||||
tunable_policy(`clamd_use_jit',`
|
||||
allow clamd_t self:process execmem;
|
||||
', `
|
||||
dontaudit clamd_t self:process execmem;
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
amavis_read_spool_files(clamscan_t)
|
||||
')
|
||||
|
Loading…
Reference in New Issue
Block a user