Re: Clamd - again...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2010-08-25 at 20:18 +0200, Dominick Grift wrote:

> > 
> > I'm afraid we're still not quite there yet...
> > 
> > This is from /var/log/clamd.log:
> > Wed Aug 25 18:27:05 2010 -> WARNING: Control message truncated, no control data received, 1 bytes read(Is SELinux/AppArmor enabled, and blocking file descriptor passing?)
> > Wed Aug 25 18:27:05 2010 -> WARNING: Error condition on fd 9
> > 
> > I have no idea what fd 9 is.
> 
> Probably a file descriptor we missed. run semodule -DB to unload hidden
> denials, try to reproduce it and send the AVC denials you are getting so
> that we can review them and fix it.

These are avcs I have collected today. I have made no attempt to remove
duplicates and some of them probably relate to when I was playing with
the clamdwatch problem...

----
time->Wed Aug 25 00:48:05 2010
type=SYSCALL msg=audit(1282693685.486:49991): arch=40000003 syscall=11
success=yes exit=0 a0=81af660 a1=81af538 a2=81ab5b8 a3=81af538 items=0
ppid=13003 pid=13007 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282693685.486:49991): avc:  denied  { noatsecure }
for  pid=13007 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282693685.486:49991): avc:  denied  { siginh } for
pid=13007 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282693685.486:49991): avc:  denied  { rlimitinh }
for  pid=13007 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 00:48:05 2010
type=SYSCALL msg=audit(1282693685.532:49992): arch=40000003 syscall=11
success=yes exit=0 a0=81aeb40 a1=81aeae8 a2=81ab5b8 a3=81aeae8 items=0
ppid=13003 pid=13011 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282693685.532:49992): avc:  denied  { noatsecure }
for  pid=13011 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282693685.532:49992): avc:  denied  { siginh } for
pid=13011 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282693685.532:49992): avc:  denied  { rlimitinh }
for  pid=13011 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 00:48:05 2010
type=SYSCALL msg=audit(1282693685.536:49993): arch=40000003 syscall=102
success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282693685.536:49993): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.ELpNsCwoK2" dev=sda6
ino=86012 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 02:48:05 2010
type=SYSCALL msg=audit(1282700885.042:50296): arch=40000003 syscall=11
success=yes exit=0 a0=9f12660 a1=9f12538 a2=9f0e5b8 a3=9f12538 items=0
ppid=17983 pid=17987 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282700885.042:50296): avc:  denied  { noatsecure }
for  pid=17987 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282700885.042:50296): avc:  denied  { siginh } for
pid=17987 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282700885.042:50296): avc:  denied  { rlimitinh }
for  pid=17987 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 02:48:05 2010
type=SYSCALL msg=audit(1282700885.104:50297): arch=40000003 syscall=11
success=yes exit=0 a0=9f11b40 a1=9f11ae8 a2=9f0e5b8 a3=9f11ae8 items=0
ppid=17983 pid=17991 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282700885.104:50297): avc:  denied  { noatsecure }
for  pid=17991 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282700885.104:50297): avc:  denied  { siginh } for
pid=17991 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282700885.104:50297): avc:  denied  { rlimitinh }
for  pid=17991 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 02:48:05 2010
type=SYSCALL msg=audit(1282700885.108:50298): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282700885.108:50298): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.MO3uL9qugu" dev=sda6
ino=86012 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 03:27:05 2010
type=SYSCALL msg=audit(1282703225.792:50393): arch=40000003 syscall=11
success=yes exit=0 a0=901d660 a1=901d538 a2=90195b8 a3=901d538 items=0
ppid=18347 pid=18351 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282703225.792:50393): avc:  denied  { noatsecure }
for  pid=18351 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282703225.792:50393): avc:  denied  { siginh } for
pid=18351 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282703225.792:50393): avc:  denied  { rlimitinh }
for  pid=18351 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 03:27:05 2010
type=SYSCALL msg=audit(1282703225.806:50394): arch=40000003 syscall=11
success=yes exit=0 a0=901cb40 a1=901cae8 a2=90195b8 a3=901cae8 items=0
ppid=18347 pid=18355 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282703225.806:50394): avc:  denied  { noatsecure }
for  pid=18355 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282703225.806:50394): avc:  denied  { siginh } for
pid=18355 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282703225.806:50394): avc:  denied  { rlimitinh }
for  pid=18355 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 03:27:05 2010
type=SYSCALL msg=audit(1282703225.810:50395): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282703225.810:50395): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.Miai1XEtS5" dev=sda6
ino=86012 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 07:06:07 2010
type=SYSCALL msg=audit(1282716367.056:50913): arch=40000003 syscall=11
success=yes exit=0 a0=95a6660 a1=95a6538 a2=95a25b8 a3=95a6538 items=0
ppid=20093 pid=20097 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282716367.056:50913): avc:  denied  { noatsecure }
for  pid=20097 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282716367.056:50913): avc:  denied  { siginh } for
pid=20097 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282716367.056:50913): avc:  denied  { rlimitinh }
for  pid=20097 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 07:06:07 2010
type=SYSCALL msg=audit(1282716367.101:50914): arch=40000003 syscall=11
success=yes exit=0 a0=95a5b40 a1=95a5ae8 a2=95a25b8 a3=95a5ae8 items=0
ppid=20093 pid=20101 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282716367.101:50914): avc:  denied  { noatsecure }
for  pid=20101 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282716367.101:50914): avc:  denied  { siginh } for
pid=20101 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282716367.101:50914): avc:  denied  { rlimitinh }
for  pid=20101 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 07:06:07 2010
type=SYSCALL msg=audit(1282716367.105:50915): arch=40000003 syscall=102
success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282716367.105:50915): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.5atFlfQtzg" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 08:33:05 2010
type=SYSCALL msg=audit(1282721585.327:51099): arch=40000003 syscall=11
success=yes exit=0 a0=85fe660 a1=85fe538 a2=85fa5b8 a3=85fe538 items=0
ppid=20452 pid=20456 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282721585.327:51099): avc:  denied  { noatsecure }
for  pid=20456 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282721585.327:51099): avc:  denied  { siginh } for
pid=20456 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282721585.327:51099): avc:  denied  { rlimitinh }
for  pid=20456 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 08:33:05 2010
type=SYSCALL msg=audit(1282721585.342:51100): arch=40000003 syscall=11
success=yes exit=0 a0=85fdb40 a1=85fdae8 a2=85fa5b8 a3=85fdae8 items=0
ppid=20452 pid=20460 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282721585.342:51100): avc:  denied  { noatsecure }
for  pid=20460 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282721585.342:51100): avc:  denied  { siginh } for
pid=20460 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282721585.342:51100): avc:  denied  { rlimitinh }
for  pid=20460 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 08:33:05 2010
type=SYSCALL msg=audit(1282721585.346:51101): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282721585.346:51101): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.INJ23gPAOG" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 09:18:05 2010
type=SYSCALL msg=audit(1282724285.612:51207): arch=40000003 syscall=11
success=yes exit=0 a0=8ac8660 a1=8ac8538 a2=8ac45b8 a3=8ac8538 items=0
ppid=20860 pid=20864 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282724285.612:51207): avc:  denied  { noatsecure }
for  pid=20864 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282724285.612:51207): avc:  denied  { siginh } for
pid=20864 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282724285.612:51207): avc:  denied  { rlimitinh }
for  pid=20864 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 09:18:05 2010
type=SYSCALL msg=audit(1282724285.626:51208): arch=40000003 syscall=11
success=yes exit=0 a0=8ac7b40 a1=8ac7ae8 a2=8ac45b8 a3=8ac7ae8 items=0
ppid=20860 pid=20868 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282724285.626:51208): avc:  denied  { noatsecure }
for  pid=20868 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282724285.626:51208): avc:  denied  { siginh } for
pid=20868 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282724285.626:51208): avc:  denied  { rlimitinh }
for  pid=20868 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 09:18:05 2010
type=SYSCALL msg=audit(1282724285.630:51209): arch=40000003 syscall=102
success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282724285.630:51209): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.5o03RffeYk" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 10:06:06 2010
type=SYSCALL msg=audit(1282727166.230:51315): arch=40000003 syscall=11
success=yes exit=0 a0=9a56660 a1=9a56538 a2=9a525b8 a3=9a56538 items=0
ppid=21073 pid=21077 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282727166.230:51315): avc:  denied  { noatsecure }
for  pid=21077 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282727166.230:51315): avc:  denied  { siginh } for
pid=21077 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282727166.230:51315): avc:  denied  { rlimitinh }
for  pid=21077 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 10:06:06 2010
type=SYSCALL msg=audit(1282727166.245:51316): arch=40000003 syscall=11
success=yes exit=0 a0=9a55b40 a1=9a55ae8 a2=9a525b8 a3=9a55ae8 items=0
ppid=21073 pid=21081 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282727166.245:51316): avc:  denied  { noatsecure }
for  pid=21081 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282727166.245:51316): avc:  denied  { siginh } for
pid=21081 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282727166.245:51316): avc:  denied  { rlimitinh }
for  pid=21081 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 10:06:06 2010
type=SYSCALL msg=audit(1282727166.248:51317): arch=40000003 syscall=102
success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282727166.248:51317): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.UEdCagKAf8" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 15:06:05 2010
type=SYSCALL msg=audit(1282745165.938:52108): arch=40000003 syscall=11
success=yes exit=0 a0=9b2f660 a1=9b2f538 a2=9b2b5b8 a3=9b2f538 items=0
ppid=22700 pid=22704 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282745165.938:52108): avc:  denied  { noatsecure }
for  pid=22704 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282745165.938:52108): avc:  denied  { siginh } for
pid=22704 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282745165.938:52108): avc:  denied  { rlimitinh }
for  pid=22704 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 15:06:06 2010
type=SYSCALL msg=audit(1282745166.008:52109): arch=40000003 syscall=11
success=yes exit=0 a0=9b2eb40 a1=9b2eae8 a2=9b2b5b8 a3=9b2eae8 items=0
ppid=22700 pid=22708 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282745166.008:52109): avc:  denied  { noatsecure }
for  pid=22708 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282745166.008:52109): avc:  denied  { siginh } for
pid=22708 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282745166.008:52109): avc:  denied  { rlimitinh }
for  pid=22708 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 15:06:06 2010
type=SYSCALL msg=audit(1282745166.024:52110): arch=40000003 syscall=102
success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282745166.024:52110): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.ZM4FXWKrfw" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 17:06:04 2010
type=SYSCALL msg=audit(1282752364.895:52419): arch=40000003 syscall=11
success=yes exit=0 a0=8f1c660 a1=8f1c538 a2=8f185b8 a3=8f1c538 items=0
ppid=23444 pid=23448 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282752364.895:52419): avc:  denied  { noatsecure }
for  pid=23448 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282752364.895:52419): avc:  denied  { siginh } for
pid=23448 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282752364.895:52419): avc:  denied  { rlimitinh }
for  pid=23448 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 17:06:04 2010
type=SYSCALL msg=audit(1282752364.911:52420): arch=40000003 syscall=11
success=yes exit=0 a0=8f1bb40 a1=8f1bae8 a2=8f185b8 a3=8f1bae8 items=0
ppid=23444 pid=23452 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282752364.911:52420): avc:  denied  { noatsecure }
for  pid=23452 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282752364.911:52420): avc:  denied  { siginh } for
pid=23452 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282752364.911:52420): avc:  denied  { rlimitinh }
for  pid=23452 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 17:06:04 2010
type=SYSCALL msg=audit(1282752364.914:52421): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282752364.914:52421): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.jp96Rb3i34" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----

time->Wed Aug 25 17:18:10 2010
type=SYSCALL msg=audit(1282753090.532:52453): arch=40000003 syscall=11
success=yes exit=0 a0=9473660 a1=9473538 a2=946f5b8 a3=9473538 items=0
ppid=23506 pid=23510 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282753090.532:52453): avc:  denied  { noatsecure }
for  pid=23510 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753090.532:52453): avc:  denied  { siginh } for
pid=23510 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753090.532:52453): avc:  denied  { rlimitinh }
for  pid=23510 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 17:18:10 2010
type=SYSCALL msg=audit(1282753090.548:52454): arch=40000003 syscall=11
success=yes exit=0 a0=9472b40 a1=9472ae8 a2=946f5b8 a3=9472ae8 items=0
ppid=23506 pid=23514 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282753090.548:52454): avc:  denied  { noatsecure }
for  pid=23514 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753090.548:52454): avc:  denied  { siginh } for
pid=23514 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753090.548:52454): avc:  denied  { rlimitinh }
for  pid=23514 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 17:18:10 2010
type=SYSCALL msg=audit(1282753090.551:52455): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282753090.551:52455): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.lABWgGT1Bx" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 17:30:08 2010
type=SYSCALL msg=audit(1282753808.292:52485): arch=40000003 syscall=11
success=yes exit=0 a0=95bd660 a1=95bd538 a2=95b95b8 a3=95bd538 items=0
ppid=23570 pid=23574 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282753808.292:52485): avc:  denied  { noatsecure }
for  pid=23574 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753808.292:52485): avc:  denied  { siginh } for
pid=23574 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753808.292:52485): avc:  denied  { rlimitinh }
for  pid=23574 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 17:30:08 2010
type=SYSCALL msg=audit(1282753808.306:52486): arch=40000003 syscall=11
success=yes exit=0 a0=95bcb40 a1=95bcae8 a2=95b95b8 a3=95bcae8 items=0
ppid=23570 pid=23578 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282753808.306:52486): avc:  denied  { noatsecure }
for  pid=23578 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753808.306:52486): avc:  denied  { siginh } for
pid=23578 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282753808.306:52486): avc:  denied  { rlimitinh }
for  pid=23578 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 17:30:08 2010
type=SYSCALL msg=audit(1282753808.310:52487): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282753808.310:52487): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.SEBHp9J9FC" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 18:27:05 2010
type=SYSCALL msg=audit(1282757225.655:52637): arch=40000003 syscall=11
success=yes exit=0 a0=8404660 a1=8404538 a2=84005b8 a3=8404538 items=0
ppid=23986 pid=23990 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282757225.655:52637): avc:  denied  { noatsecure }
for  pid=23990 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282757225.655:52637): avc:  denied  { siginh } for
pid=23990 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282757225.655:52637): avc:  denied  { rlimitinh }
for  pid=23990 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 18:27:05 2010
type=SYSCALL msg=audit(1282757225.682:52638): arch=40000003 syscall=11
success=yes exit=0 a0=8403b40 a1=8403ae8 a2=84005b8 a3=8403ae8 items=0
ppid=23986 pid=23994 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0
egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan"
exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0
key=(null)
type=AVC msg=audit(1282757225.682:52638): avc:  denied  { noatsecure }
for  pid=23994 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282757225.682:52638): avc:  denied  { siginh } for
pid=23994 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282757225.682:52638): avc:  denied  { rlimitinh }
for  pid=23994 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0
tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 18:27:05 2010
type=SYSCALL msg=audit(1282757225.685:52639): arch=40000003 syscall=102
success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1
pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282757225.685:52639): avc:  denied  { read } for
pid=8053 comm="clamd" path="/tmp/clamassassinmsg.BmRYSmXIWX" dev=sda6
ino=86007 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 19:15:48 2010
type=SYSCALL msg=audit(1282760148.767:52789): arch=40000003 syscall=33
success=no exit=-13 a0=a5500488 a1=4 a2=a60ff1fc a3=44 items=0 ppid=1
pid=24208 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282760148.767:52789): avc:  denied  { read } for
pid=24208 comm="clamd" name="clamdwatch-dpJvpbczaviGA9DC" dev=sda6
ino=13129 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
----
time->Wed Aug 25 19:28:16 2010
type=SYSCALL msg=audit(1282760896.264:52831): arch=40000003 syscall=33
success=no exit=-13 a0=a5500488 a1=4 a2=a60ff1fc a3=44 items=0 ppid=1
pid=24267 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282760896.264:52831): avc:  denied  { read } for
pid=24267 comm="clamd" name="clamdwatch-b_nESSgoTkX3Y8ga" dev=sda6
ino=13129 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
----
time->Wed Aug 25 19:30:43 2010
type=SYSCALL msg=audit(1282761043.976:52838): arch=40000003 syscall=33
success=no exit=-13 a0=a5500488 a1=4 a2=a60ff1fc a3=44 items=0 ppid=1
pid=24280 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503
sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd"
exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0
key=(null)
type=AVC msg=audit(1282761043.976:52838): avc:  denied  { read } for
pid=24280 comm="clamd" name="clamdwatch-ymyC2PA1n1gjmt9Z" dev=sda6
ino=13129 scontext=unconfined_u:system_r:clamd_t:s0
tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
----

Attachment: signature.asc
Description: This is a digitally signed message part

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux