Clamd - again...

Arthur Dent misc.lists at blueyonder.co.uk
Sun Aug 22 18:24:20 UTC 2010


On Sun, 2010-08-22 at 20:08 +0200, Dominick Grift wrote:
> On 08/22/2010 11:29 AM, Arthur Dent wrote:
> > Hello all,
> > 
> > Since upgrading from F11 to F13 I still have 3 outstanding issues. 1 is
> > my earlier thread about mlogc which is still the subject of some
> > correspondence on the modsecurity list, another is a mysterious "leaked
> > file descriptor" AVC which has a permissive type anyway so I will worry
> > about that later (and may have stopped since the latest selinux policy
> > release) and that just leaves clamd... sigh...
> > 
> > The relationship between procmail and clamd and selinux always seems to
> > be a troubled one and I don't know why it should be so, but hey...
> > 
> > Every time I upgrade Fedora I go through this little dance - remove my
> > old home made clamd policy, run my fetchmail->procmail->clamd( and
> > spamd)-> dovecot mail-chain and see what AVCs emerge. I create a policy
> > using audit2allow, rinse, repeat until all AVCs go away.
> 
> So why not do it properly this time and help fix this upstream?

OK - Happy to try...

> Can you remove your custom modules and enclose raw AVC denials please?

OK - I have removed the module. As each new denial comes in I will post
the AVCs here. In the meantime I have included (at the bottom of this
mail) the AVCs that led to the creation of this module.

> > Well I have done that as usual, all the AVCs have gone away, but still I
> > get this message in my logs:
> > X-virus-report: /usr/local/bin/clamdscan error 2
> > X-virus-checker-version: clamassassin 1.2.4 with clamdscan / ERROR: Can't connect to clamd: Permission denied
> > 
> > But NO AVCs
> > 
> > I have proved that selinux is the culprit. Putting SEL into permissive
> > mode temporarily allows clamd to work as it should (but still no AVCs).
> > 
> > I am a little reluctant to do the "semodule -DB" to reveal any silent
> > denials as I get swamped with stuff (but if that's what it takes...)
> > 
> > In the meantime can anyone suggest any other approach?
> 
> Show us raw AVC denials, also for the rules you added below. Also use
> semodule -DB to collect the AVC denials as it may reveal hidden denials.

Raw AVCs posted below. If I can, I would prefer to avoid semodule -DB -
at least until there's no alternative. The last time I did this I was
swamped with messages...

Thanks for your help so far...

OLD Raw AVCs:
=============
(Note: I have not attempted to remove duplicates in case they may not
actually be duplicates...)

# grep clam /var/log/audit/audit.log
type=AVC msg=audit(1281549967.522:25603): avc:  denied  { write } for  pid=7413 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549967.522:25603): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9c19b0 a2=3 a3=0 items=0 ppid=7409 pid=7413 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549967.553:25604): avc:  denied  { write } for  pid=7419 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549967.553:25604): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe176c0 a2=3 a3=1 items=0 ppid=7409 pid=7419 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549968.933:25605): avc:  denied  { write } for  pid=7433 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549968.933:25605): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9f7d60 a2=3 a3=0 items=0 ppid=7429 pid=7433 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549968.944:25606): avc:  denied  { write } for  pid=7437 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549968.944:25606): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfef94f0 a2=3 a3=1 items=0 ppid=7429 pid=7437 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549972.233:25607): avc:  denied  { write } for  pid=7457 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549972.233:25607): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffd3850 a2=3 a3=0 items=0 ppid=7453 pid=7457 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549972.245:25608): avc:  denied  { write } for  pid=7461 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549972.245:25608): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfbd0860 a2=3 a3=1 items=0 ppid=7453 pid=7461 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549974.951:25609): avc:  denied  { write } for  pid=7480 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549974.951:25609): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfdd9980 a2=3 a3=0 items=0 ppid=7476 pid=7480 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549974.962:25610): avc:  denied  { write } for  pid=7484 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549974.962:25610): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9009f0 a2=3 a3=1 items=0 ppid=7476 pid=7484 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549979.649:25611): avc:  denied  { write } for  pid=7503 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549979.649:25611): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa76ac0 a2=3 a3=0 items=0 ppid=7499 pid=7503 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549979.684:25612): avc:  denied  { write } for  pid=7509 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549979.684:25612): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfee7530 a2=3 a3=1 items=0 ppid=7499 pid=7509 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549989.907:25613): avc:  denied  { write } for  pid=7547 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549989.907:25613): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bff2eae0 a2=3 a3=0 items=0 ppid=7543 pid=7547 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549989.918:25614): avc:  denied  { write } for  pid=7552 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549989.918:25614): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bff8b3b0 a2=3 a3=1 items=0 ppid=7543 pid=7552 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549992.167:25615): avc:  denied  { write } for  pid=7569 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549992.167:25615): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb02b50 a2=3 a3=0 items=0 ppid=7565 pid=7569 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549992.178:25616): avc:  denied  { write } for  pid=7573 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549992.178:25616): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf8de0a0 a2=3 a3=1 items=0 ppid=7565 pid=7573 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549995.114:25617): avc:  denied  { write } for  pid=7593 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549995.114:25617): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfea68f0 a2=3 a3=0 items=0 ppid=7589 pid=7593 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549995.129:25618): avc:  denied  { write } for  pid=7598 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549995.129:25618): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffb0530 a2=3 a3=1 items=0 ppid=7589 pid=7598 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549997.583:25619): avc:  denied  { write } for  pid=7617 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549997.583:25619): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfdedaa0 a2=3 a3=0 items=0 ppid=7613 pid=7617 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549997.594:25620): avc:  denied  { write } for  pid=7621 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549997.594:25620): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb8fcc0 a2=3 a3=1 items=0 ppid=7613 pid=7621 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549998.782:25621): avc:  denied  { write } for  pid=7637 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549998.782:25621): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffd7cc0 a2=3 a3=0 items=0 ppid=7633 pid=7637 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549998.795:25622): avc:  denied  { write } for  pid=7641 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281549998.795:25622): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa4cfd0 a2=3 a3=1 items=0 ppid=7633 pid=7641 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553746.456:28957): avc:  denied  { write } for  pid=1875 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281553746.456:28957): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfd26f70 a2=3 a3=0 items=0 ppid=1871 pid=1875 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553746.467:28958): avc:  denied  { write } for  pid=1879 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281553746.467:28958): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffec380 a2=3 a3=1 items=0 ppid=1871 pid=1879 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553747.846:28959): avc:  denied  { write } for  pid=1891 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281553747.846:28959): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfc59ac0 a2=3 a3=0 items=0 ppid=1887 pid=1891 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553747.853:28960): avc:  denied  { write } for  pid=1895 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281553747.853:28960): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfd65ef0 a2=3 a3=1 items=0 ppid=1887 pid=1895 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281556447.007:29081): avc:  denied  { write } for  pid=2066 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281556447.007:29081): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe8c5f0 a2=3 a3=0 items=0 ppid=2062 pid=2066 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281556447.066:29082): avc:  denied  { write } for  pid=2072 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281556447.066:29082): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf95f8f0 a2=3 a3=1 items=0 ppid=2062 pid=2072 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281560962.921:29306): avc:  denied  { connectto } for  pid=2813 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281560962.921:29306): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe09950 a2=3 a3=0 items=0 ppid=2809 pid=2813 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281560962.956:29307): avc:  denied  { connectto } for  pid=2819 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281560962.956:29307): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa97fd0 a2=3 a3=1 items=0 ppid=2809 pid=2819 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281708366.973:25738): avc:  denied  { connectto } for  pid=4423 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281708366.973:25738): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa9ce30 a2=3 a3=0 items=0 ppid=4419 pid=4423 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281708367.002:25739): avc:  denied  { connectto } for  pid=4427 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281708367.002:25739): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf91cf30 a2=3 a3=1 items=0 ppid=4419 pid=4427 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281709806.425:25816): avc:  denied  { connectto } for  pid=4791 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281709806.425:25816): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf933ba0 a2=3 a3=0 items=0 ppid=4787 pid=4791 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281709806.479:25817): avc:  denied  { connectto } for  pid=4797 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281709806.479:25817): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfdc0d20 a2=3 a3=1 items=0 ppid=4787 pid=4797 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281822126.149:31680): avc:  denied  { write } for  pid=7792 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281822126.149:31680): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfc60bb0 a2=3 a3=0 items=0 ppid=7788 pid=7792 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281823207.443:31735): avc:  denied  { write } for  pid=7961 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281823207.443:31735): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd83ea0 a2=3 a3=0 items=0 ppid=7957 pid=7961 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281825185.251:31827): avc:  denied  { write } for  pid=8786 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281825185.251:31827): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfc7a9e0 a2=3 a3=0 items=0 ppid=8782 pid=8786 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281826265.840:31876): avc:  denied  { write } for  pid=8910 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1281826265.840:31876): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe511a0 a2=3 a3=0 items=0 ppid=8906 pid=8910 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
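
Added example, not part of the original post: one way to collapse a long AVC dump like the one above into its distinct denials, pairing each AVC record with the SYSCALL record of the same audit event to see whether the access was actually blocked. The names `summarize` and `SAMPLE` are assumptions of this example, and the sample records are constructed in the same format rather than copied from the mail.

```python
import re
from collections import OrderedDict

# Constructed sample records in the audit.log format quoted above
# (values invented for this example, SYSCALL records shortened).
SAMPLE = """\
type=AVC msg=audit(1000000001.100:501): avc:  denied  { write } for  pid=4001 comm="clamdscan" name="clamd.sock" dev=sda6 ino=1001 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1000000001.100:501): arch=40000003 syscall=102 success=no exit=-13 pid=4001 comm="clamdscan"
type=AVC msg=audit(1000000002.200:502): avc:  denied  { write } for  pid=4005 comm="clamdscan" name="clamd.sock" dev=sda6 ino=1001 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1000000002.200:502): arch=40000003 syscall=102 success=no exit=-13 pid=4005 comm="clamdscan"
type=AVC msg=audit(1000000003.300:503): avc:  denied  { connectto } for  pid=4009 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1000000003.300:503): arch=40000003 syscall=102 success=no exit=-13 pid=4009 comm="clamdscan"
type=AVC msg=audit(1000000004.400:504): avc:  denied  { write } for  pid=4013 comm="clamdscan" name="clamd.sock" dev=sda6 ino=1002 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1000000004.400:504): arch=40000003 syscall=102 success=yes exit=0 pid=4013 comm="clamdscan"
"""

# Records of one audit event share the "timestamp:serial" id inside msg=audit(...).
EVENT = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):")
AVC = re.compile(
    r"avc:\s+denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)"
)
SUCCESS = re.compile(r"\bsuccess=(yes|no)\b")


def se_type(context):
    """Return the type field of a user:role:type:level[:categories] context."""
    return context.split(":")[2]


def summarize(text):
    """Group AVC denials by (source type, target type, class, permissions).

    For each group, count how many denials were enforced (the paired SYSCALL
    shows success=no) and how many were only logged (success=yes, which is
    what a permissive system or permissive domain produces).
    """
    outcome = {}   # event id -> "yes" / "no" from the SYSCALL record
    denials = []   # (event id, rule key) in log order
    for line in text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        rtype, event_id = m.groups()
        if rtype == "SYSCALL":
            s = SUCCESS.search(line)
            if s:
                outcome[event_id] = s.group(1)
        elif rtype == "AVC":
            a = AVC.search(line)
            if a:
                perms, sctx, tctx, tclass = a.groups()
                key = (se_type(sctx), se_type(tctx), tclass,
                       tuple(sorted(perms.split())))
                denials.append((event_id, key))

    rules = OrderedDict()
    for event_id, key in denials:
        r = rules.setdefault(key, {"count": 0, "enforced": 0, "logged_only": 0})
        r["count"] += 1
        if outcome.get(event_id) == "no":
            r["enforced"] += 1
        elif outcome.get(event_id) == "yes":
            r["logged_only"] += 1
    return rules


if __name__ == "__main__":
    for (src, tgt, tclass, perms), r in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{tclass} {{ {' '.join(perms)} }} "
              f"x{r['count']} enforced={r['enforced']} logged_only={r['logged_only']}")
```

Grouping on the target type keeps denials against differently labelled sockets or listener domains apart, so repeated lines collapse without merging records that only look alike.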




