SELinux is preventing clamd.scan (system_cronjob_t) "write" crond_t

Edward Kuns ekuns at kilroy.chi.il.us
Tue Jul 21 04:18:55 UTC 2009 

Just in the past few days I've received seven of this AVC complaint, and
I haven't seen any of this complaint before that.  On 11 July, I updated
selinux to 3.6.12-62.fc11.  I currently have clamav-0.95.1-2.fc11.i586,
installed on 1 July.  I am not aware of anything that changed on or just
before the 17th.  Any ideas?

Here's the sealert:

	Thanks

	Eddie


Summary:

SELinux is preventing clamd.scan (system_cronjob_t) "write" crond_t.

Detailed Description:

SELinux denied access requested by clamd.scan. It is not expected that
this
access is required by clamd.scan and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration
of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:system_cronjob_t:s0
Target Context                system_u:system_r:crond_t:s0-s0:c0.c1023
Target Objects                pipe [ fifo_file ]
Source                        clamd.scan
Source Path                   /bin/bash
Port                          <Unknown>
Host                          kilroy.chi.il.us
Source RPM Packages           bash-4.0-6.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-62.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     kilroy.chi.il.us
Platform                      Linux kilroy.chi.il.us
2.6.29.5-191.fc11.i686.PAE
                              #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686
i686
Alert Count                   7
First Seen                    Fri Jul 17 10:36:13 2009
Last Seen                     Mon Jul 20 16:36:12 2009
Local ID                      39c625f5-4b31-49f2-bb14-57835e8afc61
Line Numbers                  

Raw Audit Messages            

node=kilroy.chi.il.us type=AVC msg=audit(1248125772.619:80082): avc:
denied  { write } for  pid=3642 comm="clamd.scan" path="pipe:[8230868]"
dev=pipefs ino=8230868 scontext=system_u:system_r:system_cronjob_t:s0
tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=fifo_file

node=kilroy.chi.il.us type=SYSCALL msg=audit(1248125772.619:80082):
arch=40000003 syscall=11 success=yes exit=0 a0=9ef08f0 a1=9ef0910
a2=9eeecb8 a3=9ef0910 items=0 ppid=509 pid=3642 auid=0 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2000
comm="clamd.scan" exe="/bin/bash"
subj=system_u:system_r:system_cronjob_t:s0 key=(null)

More information about the fedora-selinux-list mailing list