Fix JIT usage for freshclam.

http://marc.info/?l=selinux&m=127893898208934&w=2
This commit is contained in:
Chris PeBenito 2010-07-13 08:39:54 -04:00
parent 48c3c37cf2
commit 29f3bfa464
2 changed files with 14 additions and 7 deletions

View File

@ -1,3 +1,4 @@
- Add JIT usage for freshclam.
- Remove ethereal module since the application was renamed to wireshark. - Remove ethereal module since the application was renamed to wireshark.
- Remove duplicate/redundant rules, from Russell Coker. - Remove duplicate/redundant rules, from Russell Coker.
- Increased default number of categories to 1024, from Russell Coker. - Increased default number of categories to 1024, from Russell Coker.

View File

@ -1,4 +1,4 @@
policy_module(clamav, 1.8.0) policy_module(clamav, 1.8.1)
## <desc> ## <desc>
## <p> ## <p>
@ -145,6 +145,12 @@ optional_policy(`
exim_read_spool_files(clamd_t) exim_read_spool_files(clamd_t)
') ')
tunable_policy(`clamd_use_jit',`
allow clamd_t self:process execmem;
', `
dontaudit clamd_t self:process execmem;
')
######################################## ########################################
# #
# Freshclam local policy # Freshclam local policy
@ -205,6 +211,12 @@ optional_policy(`
cron_system_entry(freshclam_t, freshclam_exec_t) cron_system_entry(freshclam_t, freshclam_exec_t)
') ')
tunable_policy(`clamd_use_jit',`
allow freshclam_t self:process execmem;
', `
dontaudit freshclam_t self:process execmem;
')
######################################## ########################################
# #
# clamscam local policy # clamscam local policy
@ -254,12 +266,6 @@ clamav_stream_connect(clamscan_t)
mta_send_mail(clamscan_t) mta_send_mail(clamscan_t)
tunable_policy(`clamd_use_jit',`
allow clamd_t self:process execmem;
', `
dontaudit clamd_t self:process execmem;
')
optional_policy(` optional_policy(`
amavis_read_spool_files(clamscan_t) amavis_read_spool_files(clamscan_t)
') ')