[refpolicy] [PATCH 1/1] Fix the symbol required in the clamav_append_log interface.
Harry Ciao
qingtao.cao at windriver.com
Thu Mar 1 04:35:58 CST 2012
When the mta.pp is linked and expanded along with other modules, the
is_id_enabled function will throw out a warning that "clamav_log_t" is
out of scope (after I added some printf before it returns 0). Turns
out this symbol is required by the clamav_append_log interface which in
turn is called by mte.pp.

clamav.te only defines one type for the log files, clamd_var_log_t,
which I guess should have been required in the clamav_append_log
interface. Otherwise the whole optional block below won't be properly
enabled:

    optional_policy(`
        clamav_stream_connect(system_mail_t)
        clamav_append_log(system_mail_t)
    ')

Which could be surprising if people were wondering why the call of
clamav_stream_connect(system_mail_t) had not worked as expected.

Thanks,
Harry

On 03/01/2012 06:27 PM, Harry Ciao wrote:
> The label of clamd's log files is clamd_var_log_t instead of
> clamav_log_t, which in fact has not been defined by clamav.pp. If such an
> undeclared symbol is required by the clamav_append_log interface, the
> whole optional block that calls this interface would not be enabled as
> expected.
>
> Signed-off-by: Harry Ciao<qingtao.cao at windriver.com>
> ---
> clamav.if | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/clamav.if b/clamav.if
> index 1f11572..bbac14a 100644
> --- a/clamav.if
> +++ b/clamav.if
> @@ -49,12 +49,12 @@ interface(`clamav_stream_connect',`
> #
> interface(`clamav_append_log',`
> gen_require(`
> - type clamav_log_t;
> + type clamd_var_log_t;
> ')
>
> logging_search_logs($1)
> - allow $1 clamav_log_t:dir list_dir_perms;
> - append_files_pattern($1, clamav_log_t, clamav_log_t)
> + allow $1 clamd_var_log_t:dir list_dir_perms;
> + append_files_pattern($1, clamd_var_log_t, clamd_var_log_t)
> ')
>
> ########################################
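
Review bot: a leftover clamav_log_t anywhere else would fail in the same silent way, and the diffstat shows only these three lines of clamav.if changing, so please confirm that no other interface in the file still lists it in a gen_require block. The replacement itself is consistent: the gen_require line, the "allow $1 clamd_var_log_t:dir list_dir_perms;" rule and both arguments of append_files_pattern all name clamd_var_log_t. It would also help to check that the summary comment above the interface (the "#" context line at the top of the hunk) describes clamd's log files, since the interface name still says clamav.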
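
The failure described in this message, an interface requiring a type that its own module never declares and so silently disabling the caller's optional block, can be caught with a small lint pass. The following is an added example, not part of the original post or of refpolicy: the function names and the embedded sample policy text are constructed, and it assumes an interface only requires types declared in its own module's .te file.

```python
import re

# Constructed sample .te: the one log type the message says clamav.te defines.
SAMPLE_TE = """\
type clamd_t;
type clamd_var_log_t;
"""

# Constructed sample .if: the pre-patch interface body from the quoted diff.
SAMPLE_IF = """\
interface(`clamav_append_log',`
    gen_require(`
        type clamav_log_t;
    ')
    logging_search_logs($1)
    allow $1 clamav_log_t:dir list_dir_perms;
    append_files_pattern($1, clamav_log_t, clamav_log_t)
')
"""

COMMENT = re.compile(r"#.*$", re.M)
REQUIRE = re.compile(r"gen_require\(`(.*?)'\)", re.S)
TYPE_STMT = re.compile(r"\btype\s+([^;]+);")
IFACE_START = re.compile(r"^\s*(?:interface|template)\(`([^']+)'", re.M)

def declared_types(te_text):
    """Types a .te declares itself: the name after 'type', plus any aliases."""
    text = REQUIRE.sub("", COMMENT.sub("", te_text))  # requires are not declarations
    found = set()
    for stmt in TYPE_STMT.findall(text):
        head = stmt.split(",")[0].split()  # drop the trailing attribute list
        found.update(tok for tok in head if tok != "alias" and tok not in "{}")
    return found

def undeclared_requires(te_text, if_text):
    """Map interface name -> sorted required types the module never declares."""
    declared = declared_types(te_text)
    text = COMMENT.sub("", if_text)
    starts = list(IFACE_START.finditer(text))
    report = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        required = {t.strip() for block in REQUIRE.findall(text[m.end():end])
                    for stmt in TYPE_STMT.findall(block) for t in stmt.split(",")}
        missing = sorted(required - declared)
        if missing:
            report[m.group(1)] = missing
    return report
```

Run over a module's real .te and .if text, a non-empty result names each interface whose callers would have their optional blocks dropped at link time.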