On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote:
> Summary:
>
> SELinux is preventing clamd (clamd_t) "read" to ./daily.cld (var_t).
>
> Detailed Description:
>
> [SELinux is in permissive mode, the operation would have been denied
> but was
> permitted due to permissive mode.]
>
> SELinux denied access requested by clamd. It is not expected that
> this
> access is
> required by clamd and this access may signal an intrusion attempt. It
> is
> also
> possible that the specific version or configuration of the application
> is
> causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You could try
> to
> restore
> the default system file context for ./daily.cld,
>
> restorecon -v './daily.cld'
>
> If this does not work, there is currently no automatic way to allow
> this
> access.
> Instead, you can generate a local policy module to allow this access
> -
> see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context system_u:system_r:clamd_t:s0
> Target Context system_u:object_r:var_t:s0
> Target Objects ./daily.cld [ file ]
> Source clamd
> Source Path /usr/sbin/clamd
> Port <Unknown>
> Host <Unknown>
> Source RPM Packages clamd-0.93.3-1.el5.rf
> Target RPM Packages
> Policy RPM selinux-policy-2.4.6-137.1.el5
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Permissive
> Plugin Name catchall_file
> Host Name mail.alltechmedicalsystemsamerica.com
> Platform Linux
> mail.alltechmedicalsystemsamerica.com
> 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25
> 13:49:24 EDT
> 2008 i686 athlon
> Alert Count 2
> First Seen Fri Jul 25 14:44:44 2008
> Last Seen Fri Jul 25 15:38:04 2008
> Local ID c0eb4a2f-6b73-4632-8f93-ca7dc67bb0f2
> Line Numbers 11, 12, 102, 103
>
> Raw Audit Messages
>
> type=AVC msg=audit(1217014684.863:88): avc: denied { read } for
> pid=2027 comm="clamd" name="daily.cld" dev=md0 ino=980633
> scontext=system_u:system_r:clamd_t:s0
> tcontext=system_u:object_r:var_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1217014684.863:88): arch=40000003 syscall=33
> success=yes exit=0 a0=b156a88 a1=4 a2=3e1e20 a3=b156a88 items=0
> ppid=1
> pid=2027 auid=4294967295 uid=101 gid=203 euid=101 suid=101 fsuid=101
> egid=203 sgid=203 fsgid=203 tty=(none) ses=4294967295 comm="clamd"
> exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
----
you definitely want to run...
restorecon -v './var/clamav/daily.cld'
or something like...
chcon -t system_u:system_r:clamd_t:s0 /var/clamav/daily.cld
Craig
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
