Hello all. > cat /etc/os-release ... PRETTY_NAME="Fedora Linux 39.20240610.0 (Silverblue)" ... > getenforce Enforcing > rpm -qa|grep clamav clamav-lib-1.0.6-1.fc39.x86_64 clamav-filesystem-1.0.6-1.fc39.noarch clamav-freshclam-1.0.6-1.fc39.x86_64 clamav-1.0.6-1.fc39.x86_64 I have configured /etc/freshclam.conf with: DNSDatabaseInfo current.cvd.clamav.net.XXX DatabaseMirror database.clamav.net.XXX OnErrorExecute echo "$(/usr/bin/hostname) Freshclam updating viruses signatures database failed." > /tmp/err But SELinux blocks OnErrorExecute: > sudo ausearch --context antivirus_t -m avc show entries like: ---- time->Thu Jun 13 20:26:32 2024 type=AVC msg=audit(1718303192.373:1558): avc: denied { execute } for pid=20747 comm="sh" name="hostname" dev="dm-0" ino=671942 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file permissive=0 ---- time->Thu Jun 13 20:24:46 2024 type=AVC msg=audit(1718303086.010:1519): avc: denied { map } for pid=20568 comm="hostname" path="/usr/bin/hostname" dev="dm-0" ino=671942 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file permissive=0 ---- time->Thu Jun 13 20:16:02 2024 type=AVC msg=audit(1718302562.264:1328): avc: denied { execute_no_trans } for pid=19633 comm="sh" path="/usr/bin/hostname" dev="dm-0" ino=671942 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file permissive=0 ==================== Is there some way to give some setting to clamav-freshclam.service that will make it work ? May by SELinuxContext=, or some other, but if so then how to set it ?
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.