SELinux interfering with clamav?
Edward Kuns
ekuns at kilroy.chi.il.us
Sat Mar 1 03:45:23 UTC 2008
Interesting. After I enabled the last policy, I get one new AVC about
lnk files. I make a new policy using the same method as before and now
I get this policy:

module myclamav 1.0;

require {
        type bin_t;
        type clamd_t;
        class lnk_file read;
        class dir search;
}

#============= clamd_t ==============
allow clamd_t bin_t:dir search;
allow clamd_t bin_t:lnk_file read;

I'll let you know if more show up with the modified policy above
applied. Here is the AVC:

Summary
    SELinux is preventing /usr/sbin/clamav-milter (clamd_t) "read" to
    <Unknown> (bin_t).

Detailed Description
    SELinux denied access requested by /usr/sbin/clamav-milter. It is not
    expected that this access is required by /usr/sbin/clamav-milter and this
    access may signal an intrusion attempt. It is also possible that the
    specific version or configuration of the application is causing it to
    require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials. You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown> If this does not work, there is currently no automatic way to
    allow this access. Instead, you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information
Source Context                system_u:system_r:clamd_t:s0
Target Context                system_u:object_r:bin_t:s0
Target Objects                None [ lnk_file ]
Affected RPM Packages         clamav-milter-0.92.1-1.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-84.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     kilroy.chi.il.us
Platform                      Linux kilroy.chi.il.us 2.6.23.15-137.fc8 #1 SMP
                              Sun Feb 10 17:48:34 EST 2008 i686 i686
Alert Count                   4
First Seen                    Fri 29 Feb 2008 12:22:44 PM CST
Last Seen                     Fri 29 Feb 2008 07:56:45 PM CST
Local ID                      c5169662-b069-4270-84f8-a7aa4aa38100
Line Numbers

Raw Audit Messages
avc: denied { read } for comm=clamav-milter dev=dm-0 egid=486 euid=492 exe=/usr/sbin/clamav-milter exit=-13 fsgid=486 fsuid=492 gid=486 items=0 name=sh pid=2928 scontext=system_u:system_r:clamd_t:s0 sgid=486 subj=system_u:system_r:clamd_t:s0 suid=492 tclass=lnk_file tcontext=system_u:object_r:bin_t:s0 tty=(none) uid=492
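
Added example, not part of the original message and not the code of any SELinux tool: a small Python sketch of how raw AVC denials like the one above map onto the type, class and allow lines of a local policy module. The function names and the second and third sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First record is the raw AVC from the post; the other two are constructed
# (a repeat with a different pid, and a dir-search denial for the second rule).
SAMPLE_AUDIT = """\
avc: denied { read } for comm=clamav-milter dev=dm-0 egid=486 euid=492 exe=/usr/sbin/clamav-milter exit=-13 fsgid=486 fsuid=492 gid=486 items=0 name=sh pid=2928 scontext=system_u:system_r:clamd_t:s0 sgid=486 subj=system_u:system_r:clamd_t:s0 suid=492 tclass=lnk_file tcontext=system_u:object_r:bin_t:s0 tty=(none) uid=492
avc: denied { read } for comm=clamav-milter name=sh pid=2931 scontext=system_u:system_r:clamd_t:s0 tclass=lnk_file tcontext=system_u:object_r:bin_t:s0
avc: denied { search } for comm=clamav-milter name=bin pid=2931 scontext=system_u:system_r:clamd_t:s0 tclass=dir tcontext=system_u:object_r:bin_t:s0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    m = AVC_RE.search(line)
    if not m or not m.group(1).split():
        return None
    fields = dict(FIELD_RE.findall(line[m.end():]))
    try:
        # A context is user:role:type:level; policy rules use only the type.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        return stype, ttype, fields["tclass"], m.group(1).split()
    except (KeyError, IndexError):
        return None

def fmt(perms):
    """Render one permission bare and several as a braced set."""
    p = sorted(perms)
    return p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"

def build_module(name, audit_text, version="1.0"):
    """Merge repeated denials and render a module in the layout used in the post."""
    rules = defaultdict(set)      # (stype, ttype, tclass) -> permissions
    classes = defaultdict(set)    # tclass -> permissions, for the require block
    for rec in filter(None, map(parse_avc, audit_text.splitlines())):
        rules[rec[:3]].update(rec[3])
        classes[rec[2]].update(rec[3])
    types = sorted({t for key in rules for t in key[:2]})
    out = [f"module {name} {version};", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {fmt(p)};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {fmt(p)};" for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(build_module("myclamav", SAMPLE_AUDIT))
```

Each generated allow line is worth reading before the module is loaded, since the alert text above notes that a denial can also come from a labeling problem rather than missing policy.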