Fix JIT usage for freshclam.
http://marc.info/?l=selinux&m=127893898208934&w=2
This commit is contained in:
parent
48c3c37cf2
commit
29f3bfa464
@ -1,3 +1,4 @@
|
|||||||
|
- Add JIT usage for freshclam.
|
||||||
- Remove ethereal module since the application was renamed to wireshark.
|
- Remove ethereal module since the application was renamed to wireshark.
|
||||||
- Remove duplicate/redundant rules, from Russell Coker.
|
- Remove duplicate/redundant rules, from Russell Coker.
|
||||||
- Increased default number of categories to 1024, from Russell Coker.
|
- Increased default number of categories to 1024, from Russell Coker.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
policy_module(clamav, 1.8.0)
|
policy_module(clamav, 1.8.1)
|
||||||
|
|
||||||
## <desc>
|
## <desc>
|
||||||
## <p>
|
## <p>
|
||||||
@ -145,6 +145,12 @@ optional_policy(`
|
|||||||
exim_read_spool_files(clamd_t)
|
exim_read_spool_files(clamd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`clamd_use_jit',`
|
||||||
|
allow clamd_t self:process execmem;
|
||||||
|
', `
|
||||||
|
dontaudit clamd_t self:process execmem;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Freshclam local policy
|
# Freshclam local policy
|
||||||
@ -205,6 +211,12 @@ optional_policy(`
|
|||||||
cron_system_entry(freshclam_t, freshclam_exec_t)
|
cron_system_entry(freshclam_t, freshclam_exec_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
tunable_policy(`clamd_use_jit',`
|
||||||
|
allow freshclam_t self:process execmem;
|
||||||
|
', `
|
||||||
|
dontaudit freshclam_t self:process execmem;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# clamscam local policy
|
# clamscam local policy
|
||||||
@ -254,12 +266,6 @@ clamav_stream_connect(clamscan_t)
|
|||||||
|
|
||||||
mta_send_mail(clamscan_t)
|
mta_send_mail(clamscan_t)
|
||||||
|
|
||||||
tunable_policy(`clamd_use_jit',`
|
|
||||||
allow clamd_t self:process execmem;
|
|
||||||
', `
|
|
||||||
dontaudit clamd_t self:process execmem;
|
|
||||||
')
|
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
amavis_read_spool_files(clamscan_t)
|
amavis_read_spool_files(clamscan_t)
|
||||||
')
|
')
|
||||||
|
Loading…
Reference in New Issue
Block a user