Re: SOLVED: error ClamAV daemon

Paul Howarth <paul@xxxxxxxxxxxx> · Wed, 14 Jun 2006 20:59:17 +0100

On Wed, 2006-06-14 at 21:19 +0200, Peter Lesterhuis wrote:
> OK, I could load the module now.
> The output of # semodule -l is:
> # semodule -l
> amavis  1.0.4
> clamav  1.0.1
> myclamd 0.1.0
> myfreshclam     0.1.0
> pyzor   1.0.1
> 
> I ran the "restorecon"-command (first line only?)
> After this I could start clamd also in enforced mode.

Good.

> But in /var/log/audit/audit.log there still are some "avc= denied" messages.
> 
> # cat audit.log

(snip non-AVC audit messages)

> type=AVC msg=audit(1150311069.037:9): avc:  denied  { search } for  
> pid=2352 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:9): arch=40000003 syscall=149 
> success=no exit=-1 a0=bf8bb3c0 a1=4f32aff4 a2=4f4a1e00 a3=bf8bb3b8 
> items=0 pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
> egid=0 sgid=0 fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"

Reading kernel sysctl (not sure what for)

> type=AVC msg=audit(1150311069.037:10): avc:  denied  { search } for  
> pid=2352 comm="freshclam" name="/" dev=proc ino=1 
> scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:object_r:proc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:10): arch=40000003 syscall=5 
> success=no exit=-13 a0=4f49e020 a1=0 a2=bf8bb420 a3=b7f9f6bc items=1 
> pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:10):  cwd="/"
> type=PATH msg=audit(1150311069.037:10): item=0 
> name="/proc/sys/kernel/version" flags=101

Trying to read /proc/sys/kernel/version

> type=AVC msg=audit(1150311069.037:11): avc:  denied  { read } for  
> pid=2352 comm="freshclam" name="freshclam.conf" dev=dm-0 ino=2736205 
> scontext=system_u:system_r:freshclam_t:s0 
> tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
> type=SYSCALL msg=audit(1150311069.037:11): arch=40000003 syscall=5 
> success=no exit=-13 a0=804f7a1 a1=0 a2=1b6 a3=9796090 items=1 pid=2352 
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:11):  cwd="/"
> type=PATH msg=audit(1150311069.037:11): item=0 
> name="/etc/freshclam.conf" flags=101  inode=2736205 dev=fd:00 
> mode=0100640 ouid=0 ogid=0 rdev=00:00

This looks like a labelling issue. Can you post the output of:

# ls -lZ /etc/freshclam.conf
# restorecon -v /etc/freshclam.conf

Which packages are you using for clamav? I see nothing in the Extras
version that might result in this.

> type=AVC msg=audit(1150311069.037:12): avc:  denied  { search } for  
> pid=2352 comm="freshclam" name="/" dev=proc ino=1 
> scontext=system_u:system_r:freshclam_t:s0 
> tcontext=system_u:object_r:proc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:12): arch=40000003 syscall=5 
> success=no exit=-13 a0=4f315039 a1=0 a2=4f32aff4 a3=9796608 items=1 
> pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:12):  cwd="/"
> type=PATH msg=audit(1150311069.037:12): item=0 
> name="/proc/sys/kernel/ngroups_max" flags=101

Trying to read /proc/sys/kernel/ngroups_max

All the remaining audit messages are not SELinux-related.

Can you let me know if freshclam works OK in enforcing mode after doing
the "restorecon" above please (also look for any more AVC messages).

Paul.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list