Partitions Mounted by fstab

Arthur Dent selinux.list at troodos.demon.co.uk
Thu Mar 6 15:53:37 UTC 2008


On Thu, Mar 06, 2008 at 03:46:28PM +0000, Arthur Dent wrote:
> > 
> > What file in your home directory is clamscan appending to?
> > Maybe we can put it into a distinct type and protect the rest of your
> > files?
> > 
> Not sure... clamd is used by clamassassin which is called by procmail.
> 
> Procmail has local configurations set in various "rc" files in
> ~/Procmail/ in my home directory. But only procmail would require (read)
> access to those. Then procmail writes to its log which is
> ~/Procmail/pmlog (also rotated by logrotate).
> 
> I'll try commenting out that line and see what happens...
> 
And here's what happens...

Summary:

SELinux is preventing the clamdscan from using potentially mislabeled files
(/home/mark/Procmail/pmlog).

Detailed Description:

SELinux has denied clamdscan access to potentially mislabeled file(s)
(/home/mark/Procmail/pmlog). This means that SELinux will not allow clamdscan to
use these files. It is common for users to edit files in their home directory or
tmp directories and then move (mv) them to system directories. The problem is
that the files end up with the wrong file context which confined applications
are not allowed to access.

Allowing Access:

If you want clamdscan to access this files, you need to relabel them using
restorecon -v '/home/mark/Procmail/pmlog'. You might want to relabel the entire
directory using restorecon -R -v '/home/mark/Procmail'.

Additional Information:

Source Context                system_u:system_r:clamscan_t:s0
Target Context                system_u:object_r:user_home_t:s0
Target Objects                /home/mark/Procmail/pmlog [ file ]
Source                        clamdscan
Source Path                   /usr/bin/clamdscan
Port                          <Unknown>
Host                          mydomain.org.uk
Source RPM Packages           clamav-0.92.1-1.fc8
Target RPM Packages           
Policy RPM                    selinux-policy-3.0.8-87.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     mydomain.org.uk
Platform                      Linux mydomain.org.uk 2.6.23.15-137.fc8 #1 SMP Sun Feb 10 17:48:34 EST 2008 i686 i686
Alert Count                   1
First Seen                    Thu Mar  6 15:48:08 2008
Last Seen                     Thu Mar  6 15:48:08 2008
Local ID                      1a0e8006-5ae4-41dc-90e3-419c7c32c2b0
Line Numbers                  

Raw Audit Messages            

host=mydomain.org.uk type=AVC msg=audit(1204818488.711:155): avc: denied  { append } for  pid=3820 comm="clamdscan" path="/home/mark/Procmail/pmlog" dev=sda12 ino=1426472 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file

host=mydomain.org.uk type=SYSCALL msg=audit(1204818488.711:155): arch=40000003 syscall=11 success=yes exit=0 a0=933c210 a1=933aa28 a2=93381b0 a3=40 items=0 ppid=3816 pid=3820 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) comm="clamdscan" exe="/usr/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
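
Added example, not part of the original post: a short Python reader for the AVC/SYSCALL pair above that pulls out the types and permission involved and checks whether the denial was raised during execve, which indicates a descriptor already open in the parent and passed across the exec rather than a file clamdscan opened itself. The records are constructed from the ones in the post (trimmed and rejoined); the execve syscall numbers for i386 and x86_64 come from the kernel syscall tables, not from the page, and the function names are hypothetical.

```python
import re

# Constructed sample: the two audit records from the post, rejoined onto single lines.
AVC = ('type=AVC msg=audit(1204818488.711:155): avc:  denied  { append } for  pid=3820 '
       'comm="clamdscan" path="/home/mark/Procmail/pmlog" dev=sda12 ino=1426472 '
       'scontext=system_u:system_r:clamscan_t:s0 '
       'tcontext=system_u:object_r:user_home_t:s0 tclass=file')
SYSCALL = ('type=SYSCALL msg=audit(1204818488.711:155): arch=40000003 syscall=11 '
           'success=yes exit=0 ppid=3816 pid=3820 comm="clamdscan" '
           'exe="/usr/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0')

# (arch, syscall number) pairs that mean execve; only i386 and x86_64 are covered.
EXECVE = {("40000003", 11), ("c000003e", 59)}

def fields(record):
    """Return the key=value pairs of one audit record, with quotes stripped."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def event_id(record):
    """Return the 'timestamp:serial' that ties the records of one event together."""
    return re.search(r'msg=audit\(([\d.]+:\d+)\)', record).group(1)

def explain(avc, syscall):
    """Summarise a denial and report whether it hit an inherited descriptor."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    a, s = fields(avc), fields(syscall)
    perms = re.search(r'\{([^}]*)\}', avc).group(1).split()
    return {
        "source_type": a["scontext"].split(":")[2],
        "target_type": a["tcontext"].split(":")[2],
        "class": a["tclass"],
        "perms": perms,
        "path": a["path"],
        # A file permission checked during execve means the descriptor was
        # already open in the parent (ppid) and was passed across the exec.
        "inherited_fd": (s["arch"], int(s["syscall"])) in EXECVE,
        "parent_pid": int(s["ppid"]),
    }

if __name__ == "__main__":
    for key, value in explain(AVC, SYSCALL).items():
        print(f"{key}: {value}")
```

When `inherited_fd` is true, the process to look at is the one identified by `parent_pid`, since that is where the log file was opened for append.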
