Re: SELinux is preventing clamd.scan (system_cronjob_t) "write" crond_t

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/21/2009 12:18 AM, Edward Kuns wrote:
> Just in the past few days I've received seven of this AVC complaint, and
> I haven't seen any of this complaint before that.  On 11 July, I updated
> selinux to 3.6.12-62.fc11.  I currently have clamav-0.95.1-2.fc11.i586,
> installed on 1 July.  I am not aware of anything that changed on or just
> before the 17th.  Any ideas?
> 
> Here's the sealert:
> 
> 	Thanks
> 
> 	Eddie
> 
> 
> Summary:
> 
> SELinux is preventing clamd.scan (system_cronjob_t) "write" crond_t.
> 
> Detailed Description:
> 
> SELinux denied access requested by clamd.scan. It is not expected that
> this
> access is required by clamd.scan and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:system_cronjob_t:s0
> Target Context                system_u:system_r:crond_t:s0-s0:c0.c1023
> Target Objects                pipe [ fifo_file ]
> Source                        clamd.scan
> Source Path                   /bin/bash
> Port                          <Unknown>
> Host                          kilroy.chi.il.us
> Source RPM Packages           bash-4.0-6.fc11
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.6.12-62.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     kilroy.chi.il.us
> Platform                      Linux kilroy.chi.il.us
> 2.6.29.5-191.fc11.i686.PAE
>                               #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686
> i686
> Alert Count                   7
> First Seen                    Fri Jul 17 10:36:13 2009
> Last Seen                     Mon Jul 20 16:36:12 2009
> Local ID                      39c625f5-4b31-49f2-bb14-57835e8afc61
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=kilroy.chi.il.us type=AVC msg=audit(1248125772.619:80082): avc:
> denied  { write } for  pid=3642 comm="clamd.scan" path="pipe:[8230868]"
> dev=pipefs ino=8230868 scontext=system_u:system_r:system_cronjob_t:s0
> tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=fifo_file
> 
> node=kilroy.chi.il.us type=SYSCALL msg=audit(1248125772.619:80082):
> arch=40000003 syscall=11 success=yes exit=0 a0=9ef08f0 a1=9ef0910
> a2=9eeecb8 a3=9ef0910 items=0 ppid=509 pid=3642 auid=0 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2000
> comm="clamd.scan" exe="/bin/bash"
> subj=system_u:system_r:system_cronjob_t:s0 key=(null)
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This looks like a MCS constraint problem.  And looking at current selinux policy it should be fixed.

Can you upgrade to the latest selinux policy in testing?

yum upgrade --enablerepo=updates-testing selinux-policy-targeted

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux