I'm not sure if its SELinux causing the problem where the scanner and updates as well won't run or is it something else. I'm using Red Hat Epel 6 x86-64
Hangup(1)
Автор
LunaNight
, дек 22 2010 07:52
4 ответов в этой теме
#2
Anton Ivanov
-
- Posters
- 842 Сообщений:
Advanced Member
Отправлено 22 Декабрь 2010 - 10:22
SeLinux may be cause of promblems with drweb and drwebd. try to stop it or add drweb and drwebd to SELinux exclude programs.
#3
LunaNight
-
- Posters
- 3 Сообщений:
Newbie
Отправлено 22 Декабрь 2010 - 10:32
That what I'm trying to figure out is how to exclude them from SELinux. Though I did find this https://bugzilla.redhat.com/show_bug.cgi?id=642014 which seems to be true as of today. Though better option is to exclude them from SELinux.
#4
Anton Ivanov
-
- Posters
- 842 Сообщений:
Advanced Member
Отправлено 22 Декабрь 2010 - 10:44
yes, better better option is to exclude drweb and drwebd them from SELinux
#5
LunaNight
-
- Posters
- 3 Сообщений:
Newbie
Отправлено 22 Декабрь 2010 - 21:43
The way that SELinux works it doesn't really exclude it, in other words makes a policy that makes Dr.Web work with it. There is two ways to do this.
One Suggested from the support staff is
setsebool -P allow_execheap=1
Which is a bad thing because this is to all programs but this pretty much the only way to get dr web to work.
The other way is this I found in another forum
http://forums.fedoraforum.org/showthread.p...disable+program
su -c 'cat /var/log/messages' | grep avc > (Name of file)
Then we do it again to refine the search for dr.web
su -c 'cat (Name of file)' | grep drweb > (Name of file refine for drweb)
There is always more than one avc so you must find the ones only to dr.web
Now to make a policy out of it
audit2allow -M (Whatever you want to call the policy) < (Name of file refine for drweb)
Now to install the policy
su -c 'semodule -i (name of policy).pp'
From there dr web should work fine. The only that gets to me since it generated a policy for dr web which you can view in vi or cat commands. It shows this(To view it cat (name of policy).te)
allow initrc_t self:process execheap;
allow unconfined_t self:process execheap;
Which is pretty much the same thing as the first one, but this a bit different I think. I believe the first workaround means its always on to allow execheap, the second workaround it only lets that process or program use until the process or program is done using it, but the only problem is if any other process or programs give that unconfined_t its pretty much having it turned on always. In other words it works for me.
One Suggested from the support staff is
setsebool -P allow_execheap=1
Which is a bad thing because this is to all programs but this pretty much the only way to get dr web to work.
The other way is this I found in another forum
http://forums.fedoraforum.org/showthread.p...disable+program
su -c 'cat /var/log/messages' | grep avc > (Name of file)
Then we do it again to refine the search for dr.web
su -c 'cat (Name of file)' | grep drweb > (Name of file refine for drweb)
There is always more than one avc so you must find the ones only to dr.web
Now to make a policy out of it
audit2allow -M (Whatever you want to call the policy) < (Name of file refine for drweb)
Now to install the policy
su -c 'semodule -i (name of policy).pp'
From there dr web should work fine. The only that gets to me since it generated a policy for dr web which you can view in vi or cat commands. It shows this(To view it cat (name of policy).te)
allow initrc_t self:process execheap;
allow unconfined_t self:process execheap;
Which is pretty much the same thing as the first one, but this a bit different I think. I believe the first workaround means its always on to allow execheap, the second workaround it only lets that process or program use until the process or program is done using it, but the only problem is if any other process or programs give that unconfined_t its pretty much having it turned on always. In other words it works for me.
Читают тему: 0
0 пользователей, 0 гостей, 0 скрытых
