Clamd - again...

Dominick Grift domg472 at gmail.com
Sun Aug 22 21:07:44 UTC 2010


On 08/22/2010 08:24 PM, Arthur Dent wrote:

> OK - I have removed the module. As each new denial comes in I will post
> the AVCs here. In the meantime I have included (at the bottom of this
> mail) the AVCs that led to the creation of this module.

I'd rather we start all over because some of the AVC denials below don't
make sense, I believe.

Which version of policy are you using?
> 
> Raw AVCs posted below. If I can, I would prefer to avoid semodule -DB -
> at least until there's no alternative. The last time I did this I was
> swamped with messages...

You can. We're starting over.

> 
> Thanks for your help so far...
> 
> OLD Raw AVCs:
> =============
> (Note: I have not attempted to remove duplicates in case they may not
> actually be duplicates...)
> 
> # grep clam /var/log/audit/audit.log
> type=AVC msg=audit(1281549967.522:25603): avc:  denied  { write } for  pid=7413 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549967.522:25603): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9c19b0 a2=3 a3=0 items=0 ppid=7409 pid=7413 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549967.553:25604): avc:  denied  { write } for  pid=7419 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549967.553:25604): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe176c0 a2=3 a3=1 items=0 ppid=7409 pid=7419 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549968.933:25605): avc:  denied  { write } for  pid=7433 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549968.933:25605): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9f7d60 a2=3 a3=0 items=0 ppid=7429 pid=7433 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549968.944:25606): avc:  denied  { write } for  pid=7437 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549968.944:25606): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfef94f0 a2=3 a3=1 items=0 ppid=7429 pid=7437 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549972.233:25607): avc:  denied  { write } for  pid=7457 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549972.233:25607): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffd3850 a2=3 a3=0 items=0 ppid=7453 pid=7457 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549972.245:25608): avc:  denied  { write } for  pid=7461 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549972.245:25608): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfbd0860 a2=3 a3=1 items=0 ppid=7453 pid=7461 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549974.951:25609): avc:  denied  { write } for  pid=7480 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549974.951:25609): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfdd9980 a2=3 a3=0 items=0 ppid=7476 pid=7480 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549974.962:25610): avc:  denied  { write } for  pid=7484 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549974.962:25610): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9009f0 a2=3 a3=1 items=0 ppid=7476 pid=7484 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549979.649:25611): avc:  denied  { write } for  pid=7503 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549979.649:25611): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa76ac0 a2=3 a3=0 items=0 ppid=7499 pid=7503 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549979.684:25612): avc:  denied  { write } for  pid=7509 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549979.684:25612): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfee7530 a2=3 a3=1 items=0 ppid=7499 pid=7509 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549989.907:25613): avc:  denied  { write } for  pid=7547 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549989.907:25613): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bff2eae0 a2=3 a3=0 items=0 ppid=7543 pid=7547 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549989.918:25614): avc:  denied  { write } for  pid=7552 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549989.918:25614): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bff8b3b0 a2=3 a3=1 items=0 ppid=7543 pid=7552 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549992.167:25615): avc:  denied  { write } for  pid=7569 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549992.167:25615): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb02b50 a2=3 a3=0 items=0 ppid=7565 pid=7569 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549992.178:25616): avc:  denied  { write } for  pid=7573 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549992.178:25616): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf8de0a0 a2=3 a3=1 items=0 ppid=7565 pid=7573 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549995.114:25617): avc:  denied  { write } for  pid=7593 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549995.114:25617): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfea68f0 a2=3 a3=0 items=0 ppid=7589 pid=7593 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549995.129:25618): avc:  denied  { write } for  pid=7598 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549995.129:25618): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffb0530 a2=3 a3=1 items=0 ppid=7589 pid=7598 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549997.583:25619): avc:  denied  { write } for  pid=7617 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549997.583:25619): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfdedaa0 a2=3 a3=0 items=0 ppid=7613 pid=7617 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549997.594:25620): avc:  denied  { write } for  pid=7621 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549997.594:25620): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfb8fcc0 a2=3 a3=1 items=0 ppid=7613 pid=7621 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549998.782:25621): avc:  denied  { write } for  pid=7637 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549998.782:25621): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffd7cc0 a2=3 a3=0 items=0 ppid=7633 pid=7637 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281549998.795:25622): avc:  denied  { write } for  pid=7641 comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549998.795:25622): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa4cfd0 a2=3 a3=1 items=0 ppid=7633 pid=7641 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281553746.456:28957): avc:  denied  { write } for  pid=1875 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281553746.456:28957): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfd26f70 a2=3 a3=0 items=0 ppid=1871 pid=1875 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281553746.467:28958): avc:  denied  { write } for  pid=1879 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281553746.467:28958): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffec380 a2=3 a3=1 items=0 ppid=1871 pid=1879 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281553747.846:28959): avc:  denied  { write } for  pid=1891 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281553747.846:28959): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfc59ac0 a2=3 a3=0 items=0 ppid=1887 pid=1891 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281553747.853:28960): avc:  denied  { write } for  pid=1895 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281553747.853:28960): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfd65ef0 a2=3 a3=1 items=0 ppid=1887 pid=1895 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281556447.007:29081): avc:  denied  { write } for  pid=2066 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281556447.007:29081): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe8c5f0 a2=3 a3=0 items=0 ppid=2062 pid=2066 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281556447.066:29082): avc:  denied  { write } for  pid=2072 comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file

Somehow you were running clamd in the init script domain rather than in
the clamd domain. This caused clamd to create its socket with a wrong
type, causing clamscan, which by the way seems to run in the wrong
domain as well, to be denied access to the mislabelled sock file.

> type=SYSCALL msg=audit(1281556447.066:29082): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf95f8f0 a2=3 a3=1 items=0 ppid=2062 pid=2072 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281560962.921:29306): avc:  denied  { connectto } for  pid=2813 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281560962.921:29306): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe09950 a2=3 a3=0 items=0 ppid=2809 pid=2813 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281560962.956:29307): avc:  denied  { connectto } for  pid=2819 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281560962.956:29307): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa97fd0 a2=3 a3=1 items=0 ppid=2809 pid=2819 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281708366.973:25738): avc:  denied  { connectto } for  pid=4423 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281708366.973:25738): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfa9ce30 a2=3 a3=0 items=0 ppid=4419 pid=4423 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281708367.002:25739): avc:  denied  { connectto } for  pid=4427 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281708367.002:25739): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf91cf30 a2=3 a3=1 items=0 ppid=4419 pid=4427 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281709806.425:25816): avc:  denied  { connectto } for  pid=4791 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281709806.425:25816): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf933ba0 a2=3 a3=0 items=0 ppid=4787 pid=4791 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281709806.479:25817): avc:  denied  { connectto } for  pid=4797 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281709806.479:25817): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfdc0d20 a2=3 a3=1 items=0 ppid=4787 pid=4797 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)

This is clamscan trying to stream connect to clamd that is running in
the wrong (init rc script) domain.

My first guess is that you have mislabeled files. Try to relabel your
file system and then try again from scratch, then if you get any AVC
denials please send them here.

> type=AVC msg=audit(1281822126.149:31680): avc:  denied  { write } for  pid=7792 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281822126.149:31680): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfc60bb0 a2=3 a3=0 items=0 ppid=7788 pid=7792 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281823207.443:31735): avc:  denied  { write } for  pid=7961 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281823207.443:31735): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfd83ea0 a2=3 a3=0 items=0 ppid=7957 pid=7961 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281825185.251:31827): avc:  denied  { write } for  pid=8786 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281825185.251:31827): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfc7a9e0 a2=3 a3=0 items=0 ppid=8782 pid=8786 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
> type=AVC msg=audit(1281826265.840:31876): avc:  denied  { write } for  pid=8910 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415 scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281826265.840:31876): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfe511a0 a2=3 a3=0 items=0 ppid=8906 pid=8910 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
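A way to triage records like the ones quoted in this thread, as an added example that is not part of the original message: it groups AVC denials by source type, permission, target type and class, pairs each one with its SYSCALL record by audit serial, and flags target types that suggest a labelling or domain problem. The sample records are constructed (abridged, in the shape of the records above), and the function names and hint wording are assumptions.

```python
import re
from collections import Counter

# Constructed sample: abridged records in the shape of those quoted in this thread.
SAMPLE = """\
> type=AVC msg=audit(1281549967.522:25603): avc:  denied  { write } for  pid=7413 comm="clamdscan" name="clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281549967.522:25603): arch=40000003 syscall=102 success=no exit=-13 comm="clamdscan"
> type=AVC msg=audit(1281708366.973:25738): avc:  denied  { connectto } for  pid=4423 comm="clamdscan" path="/var/run/clamd/clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
> type=SYSCALL msg=audit(1281708366.973:25738): arch=40000003 syscall=102 success=no exit=-13 comm="clamdscan"
> type=AVC msg=audit(1281822126.149:31680): avc:  denied  { write } for  pid=7792 comm="clamdscan" name="clamd.sock" scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0 tclass=sock_file
> type=SYSCALL msg=audit(1281822126.149:31680): arch=40000003 syscall=102 success=yes exit=0 comm="clamdscan"
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\(\d+\.\d+:(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{ (?P<perms>[^}]+) \}.*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) tclass=(?P<cls>\S+)"
)
SYSCALL_RE = re.compile(
    r"type=SYSCALL msg=audit\(\d+\.\d+:(?P<serial>\d+)\):.*?success=(?P<ok>yes|no)"
)

# Target types that point at a labelling or domain problem (assumed, illustrative lists).
GENERIC_FILE_TYPES = {"var_run_t"}
NON_DAEMON_DOMAINS = {"initrc_t", "unconfined_t"}


def setype(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def hint(ttype, tclass):
    if tclass == "sock_file" and ttype in GENERIC_FILE_TYPES:
        return "socket file has a generic type: check the domain of the process that created it"
    if tclass == "unix_stream_socket" and ttype in NON_DAEMON_DOMAINS:
        return "peer runs in the init script or unconfined domain: check file labels and relabel"
    return "target type is specific: no labelling problem indicated on the target side"


def summarize(text):
    # Accept mail-quoted input by dropping leading "> " markers.
    lines = [l.lstrip("> ").rstrip() for l in text.splitlines()]
    # Pair records by audit serial: success=no means the call was actually refused,
    # success=yes means the denial was only logged (as happens in permissive mode).
    refused = {m["serial"]: m["ok"] == "no" for m in map(SYSCALL_RE.search, lines) if m}
    counts, blocked = Counter(), {}
    for m in filter(None, map(AVC_RE.search, lines)):
        key = (setype(m["s"]), m["perms"].strip(), setype(m["t"]), m["cls"])
        counts[key] += 1
        blocked[key] = blocked.get(key, False) or refused.get(m["serial"], False)
    return [
        {"source": k[0], "perms": k[1], "target": k[2], "tclass": k[3],
         "count": n, "blocked": blocked[k], "hint": hint(k[2], k[3])}
        for k, n in counts.items()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print("{count}x {source} -> {target}:{tclass} {{ {perms} }} "
              "blocked={blocked} | {hint}".format(**row))
```
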