Re: SOLVED: error ClamAV daemon

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When I boot I see this message: "ClamAV daemon: ERROR: can't open
>>>>>>>>>>>> >>>>>> >>> > > > /var/log/clamav/clamlog in append mode.
>>>>>>>>>>>> Check >>>>>> >>>>>> permissions. >>> >>> ERROR: > > > problem with
>>>>>> internal logger. Please check >>> >>> permissions >>> of > > > /var/log/clamav/clamlog." >>> >>>
>>>>>>>>>>>> >>>>>> >>> > > > I checked the permissions (600) and set
>>>>>>>>>>>> them to 666 to >>>>>> >>>>>> be sure >>> >>> that the > > > file is writable
>>>>>> for the owner clamav. (Shouldn't >>> >>> be >>> necessary though). >>> >>>
>>>>>>>>>>>> >>>>>> >>> > > > Still I can't start clamd.
>>>>>>>>>>>> >>>>>> >>> > > > In clamav.conf the option LogFileUnlock is
>>>>>>>>>>>> uncommented.
>>>>>>>>>>>> >>>>>> >>> > > > I don't understand why I keep having this
>>>>>>>>>>>> error.
>>>>>>>>>>>> >>>>>> >>> > > > Any suggestion is wellcome.
>>>>>>>>>>>> >>>>>> >>>>>> >>> >>>
>>>>>>>> >>>> >> > >   > >
>>>>>>>> >>>> >> > > Do you have SELinux enabled, and if so, are there
>>>>>>>> any >>>> >>>> messages with
>>>>
>>>>>>>> >>>> >> > > "avc: denied" in /var/log/messages or
>>>>>>>> /var/log/audit/audit.log?
>>>>>>>> >>>> >> > >     > Yes, I have.
>>>>>>>> >>>> >>>>
>>>>>> >>> >> > In /var/log/audit/audit.log I have this message:
>>>>>> >>> >> > type=AVC msg=audit(1149784852.944:133): avc: denied {
>>>>>> write } >>> >>> for >> > pid=2352 comm="freshclam" name="log" dev=tmpfs ino=6715
>>> >
>>>> >> >> scontext=system_u:system_r:freshclam_t:s0 > >>
>> >> tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file
>> >>
>>>>>> >>> >> > type=SYSCALL msg=audit(1149784852.944:133):
>>>>>> arch=40000003
>>>> >> >> syscall=102 > success=no exit=-13 a0=3 a1=bf926000 a2=4f32aff4
>>>> >> >> a3=15 >> items=1 pid=2352 > auid=4294967295 uid=46 gid=46 euid=46 >> >> suid=46 >> fsuid=46 egid=46 sgid=46 > fsgid=46 comm="freshclam" >> >> >> exe="/usr/bin/freshclam"

>>>> >> >> >> Curious. The AVC seems to relate to denial of sending a
>>>> syslog >> >> message,

>>>> >> >> whereas the error message seems to relate to a regular file
>>>> >> >> (/var/log/clamav/clamlog).
>>>> >> >>
>>>> >> >> Are you on FC4 or FC5? Are your selinux policy packages up to
>>>> date?
>>>> >> >>     > I have FC5 and yes, selinux packages are up to date.
>>>> >> >> >> OK, you can fix this denial as follows:
>> >>
>> >> Set yourself up for making local policy modules:
>> >>
>> >> # yum install checkpolicy
>> >> # cd /root
>> >> # mkdir selinux.local
>> >> # cd selinux.local
>> >> # chcon -R -t usr_t .
>> >> # ln -s /usr/share/selinux/devel/Makefile .
>> >>
>> >> Make a local policy module for this issue, in this directory:
>> >>
>> >> 1. Create a file myfreshclam.te with this content:
>> >>
>> >> policy_module(myfreshclam, 0.1.0)
>> >>
>> >> require {
>> >>          type freshclam_t;
>> >> };
>> >>
>> >> # Allow freshclam to send syslog messages
>> >> logging_send_syslog_msg(freshclam_t)
>> >>
>> >> 2. Build the policy module:
>> >>
>> >> # make
>> >>
>> >> 3. Finally, install your new policy module:
>> >>
>> >> # semodule -i myfreshclam.pp
>> >>
>> >> That should allow freshclam to send syslog messages, though I'm not >> >> convinced that that's the actual problem you're seeing.
>> >>     > When I do the "chcon"-step this is happening:
>> > > selinux.local]# chcon -R -t usr_t
>> > chcon: too few arguments
>> > Try `chcon --help' for more information.
>> > > What should I do now?
Add the dot as the last parameter of the command.

# chcon -R -t usr_t .

You are right; I missed the dot. I built the module following your instructions. Still I can't start clamd en the error message during booting is still there.


Try putting SELinux in permissive mode and then try it again. If it now works, you've confirmed that it's an SELinux issue and we'll have to look again for more "avc: denied" messages. If not, the problem is not SELinux-related and you'll have to look for the problem elsewhere.

With SELinux in permissive mode clamd started without problem. In the graphical configuration tool of SELinux I found SELinux Service Protection; there I only had to check clamd.
Clamd is now also running in enforced mode (SELinux).
Thank you for your help.
Peter.


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux