SOLVED: error ClamAV daemon

Paul Howarth paul at city-fan.org
Wed Jun 14 19:59:17 UTC 2006


On Wed, 2006-06-14 at 21:19 +0200, Peter Lesterhuis wrote:
> OK, I could load the module now.
> The output of # semodule -l is:
> # semodule -l
> amavis  1.0.4
> clamav  1.0.1
> myclamd 0.1.0
> myfreshclam     0.1.0
> pyzor   1.0.1
> 
> I ran the "restorecon"-command (first line only?)
> After this I could start clamd also in enforced mode.

Good.

> But in /var/log/audit/audit.log there still are some "avc= denied" messages.
> 
> # cat audit.log

(snip non-AVC audit messages)

> type=AVC msg=audit(1150311069.037:9): avc:  denied  { search } for  
> pid=2352 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:9): arch=40000003 syscall=149 
> success=no exit=-1 a0=bf8bb3c0 a1=4f32aff4 a2=4f4a1e00 a3=bf8bb3b8 
> items=0 pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
> egid=0 sgid=0 fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"

Reading kernel sysctl (not sure what for)

> type=AVC msg=audit(1150311069.037:10): avc:  denied  { search } for  
> pid=2352 comm="freshclam" name="/" dev=proc ino=1 
> scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:object_r:proc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:10): arch=40000003 syscall=5 
> success=no exit=-13 a0=4f49e020 a1=0 a2=bf8bb420 a3=b7f9f6bc items=1 
> pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:10):  cwd="/"
> type=PATH msg=audit(1150311069.037:10): item=0 
> name="/proc/sys/kernel/version" flags=101

Trying to read /proc/sys/kernel/version

> type=AVC msg=audit(1150311069.037:11): avc:  denied  { read } for  
> pid=2352 comm="freshclam" name="freshclam.conf" dev=dm-0 ino=2736205 
> scontext=system_u:system_r:freshclam_t:s0 
> tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
> type=SYSCALL msg=audit(1150311069.037:11): arch=40000003 syscall=5 
> success=no exit=-13 a0=804f7a1 a1=0 a2=1b6 a3=9796090 items=1 pid=2352 
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:11):  cwd="/"
> type=PATH msg=audit(1150311069.037:11): item=0 
> name="/etc/freshclam.conf" flags=101  inode=2736205 dev=fd:00 
> mode=0100640 ouid=0 ogid=0 rdev=00:00

This looks like a labelling issue. Can you post the output of:

# ls -lZ /etc/freshclam.conf
# restorecon -v /etc/freshclam.conf

Which packages are you using for clamav? I see nothing in the Extras
version that might result in this.

> type=AVC msg=audit(1150311069.037:12): avc:  denied  { search } for  
> pid=2352 comm="freshclam" name="/" dev=proc ino=1 
> scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:object_r:proc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:12): arch=40000003 syscall=5 
> success=no exit=-13 a0=4f315039 a1=0 a2=4f32aff4 a3=9796608 items=1 
> pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:12):  cwd="/"
> type=PATH msg=audit(1150311069.037:12): item=0 
> name="/proc/sys/kernel/ngroups_max" flags=101

Trying to read /proc/sys/kernel/ngroups_max

All the remaining audit messages are not SELinux-related.

Can you let me know if freshclam works OK in enforcing mode after doing
the "restorecon" above please (also look for any more AVC messages).

Paul.
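
The walk-through above pairs each AVC denial with the PATH record that carries the same audit event id, and that pairing can be scripted. This is an added example, not part of the original message: the one-record-per-line sample is constructed from records quoted in the thread, and the `_tmp_t` relabel hint is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed sample: records abridged from the thread, one per line as in audit.log.
SAMPLE = """\
type=AVC msg=audit(1150311069.037:10): avc:  denied  { search } for  pid=2352 comm="freshclam" name="/" dev=proc ino=1 scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir
type=SYSCALL msg=audit(1150311069.037:10): arch=40000003 syscall=5 success=no exit=-13 comm="freshclam" exe="/usr/bin/freshclam"
type=PATH msg=audit(1150311069.037:10): item=0 name="/proc/sys/kernel/version" flags=101
type=AVC msg=audit(1150311069.037:11): avc:  denied  { read } for  pid=2352 comm="freshclam" name="freshclam.conf" dev=dm-0 ino=2736205 scontext=system_u:system_r:freshclam_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
type=PATH msg=audit(1150311069.037:11): item=0 name="/etc/freshclam.conf" flags=101 inode=2736205
"""

HEAD = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)')
AVC = re.compile(r'denied\s+\{\s*([^}]*?)\s*\}.*?comm="([^"]+)".*?'
                 r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\w+)')
NAME = re.compile(r'\bname="([^"]+)"')

def correlate(text):
    """Group records by audit event id and return one dict per AVC denial."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if m:
            rtype, eid, body = m.groups()
            events[eid][rtype].append(body)
    out = []
    for eid, recs in events.items():
        # The AVC record names only the last path component; PATH has the full path.
        paths = [n.group(1) for b in recs["PATH"] if (n := NAME.search(b))]
        for body in recs["AVC"]:
            a = AVC.search(body)
            if not a:
                continue
            perms, comm, scon, tcon, tclass = a.groups()
            ttype = tcon.split(":")[2]  # context is user:role:type:level
            path = paths[0] if paths else None
            # Assumed heuristic: a *_tmp_t label outside /tmp suggests mislabelling.
            relabel = bool(path) and ttype.endswith("_tmp_t") and \
                not path.startswith(("/tmp/", "/var/tmp/"))
            out.append({"event": eid, "comm": comm, "perms": perms.split(),
                        "source": scon.split(":")[2], "target": ttype,
                        "tclass": tclass, "path": path, "relabel": relabel})
    return out

if __name__ == "__main__":
    for d in correlate(SAMPLE):
        hint = "  <- check label: restorecon -v " + d["path"] if d["relabel"] else ""
        print(d["event"], d["comm"], d["perms"], d["target"], d["path"], hint)
```
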



