<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.5346.5" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=275144812-03052006><FONT face=Arial size=2>Hi 
all,</FONT></SPAN></DIV>
<DIV><SPAN class=275144812-03052006><FONT face=Arial size=2>Been playing with 
docmgr (<A 
href="http://docmgr.sourceforge.net">http://docmgr.sourceforge.net</A>) and 
discovered that when uploading a file, it fails because clamav can't scan the 
uploaded content.&nbsp; Audit log contains the following relevant 
lines:</FONT></SPAN></DIV>
<DIV><SPAN class=275144812-03052006><FONT face=Arial 
size=2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=275144812-03052006><FONT face=Arial size=2>type=AVC 
msg=audit(1146659861.108:221013): avc:&nbsp; denied&nbsp; { read } for&nbsp; 
pid=15887 comm="clamscan" name="clamav" dev=dm-3 ino=2593916 
scontext=user_u:system_r:httpd_sys_script_t:s0 
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir<BR>type=SYSCALL 
msg=audit(1146659861.108:221013): arch=40000003 syscall=5 success=no exit=-13 
a0=9de85b8 a1=18800 a2=26f120 a3=9de8008 items=1 pid=15887 auid=1000 uid=48 
gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="clamscan" 
exe="/usr/bin/clamscan"<BR>type=CWD msg=audit(1146659861.108:221013):&nbsp; 
cwd="/MV/webs/project/html/doc"<BR>type=PATH msg=audit(1146659861.108:221013): 
item=0 name="/var/lib/clamav" flags=103&nbsp; inode=2593916 dev=fd:03 
mode=040755 ouid=100 ogid=101 rdev=00:00<BR></FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>I've also setsebool 
-P on allow_execstack and allow_httpd_anon_write amongst others, and the 
relevant directories have the following context to allow httpd and samba to play 
nice together:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=275144812-03052006></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=275144812-03052006>user_u:object_r:public_content_rw_t</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=275144812-03052006></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>Anyone able to shed 
some light on this?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=275144812-03052006></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>Other (maybe) 
relevant info:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006># ls -alZ 
/var/lib/clamav/<BR>drwxr-xr-x&nbsp; clamav&nbsp;&nbsp; clamav&nbsp;&nbsp; 
system_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; .<BR>drwxr-xr-x&nbsp; 
root&nbsp;&nbsp;&nbsp;&nbsp; root&nbsp;&nbsp;&nbsp;&nbsp; 
system_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ..<BR>-rw-r--r--&nbsp; 
clamav&nbsp;&nbsp; clamav&nbsp;&nbsp; 
user_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
daily.cvd<BR>-rw-r--r--&nbsp; clamav&nbsp;&nbsp; clamav&nbsp;&nbsp; 
user_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
daily.cvd.rpmsave<BR>drwx------&nbsp; clamav&nbsp;&nbsp; clamav&nbsp;&nbsp; 
system_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
Maildir<BR>-rw-r--r--&nbsp; clamav&nbsp;&nbsp; clamav&nbsp;&nbsp; 
system_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
main.cvd<BR>-rw-r--r--&nbsp; clamav&nbsp;&nbsp; clamav&nbsp;&nbsp; 
user_u:object_r:var_lib_t&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 
main.cvd.rpmsave<BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006># ls -alZ 
/MV/webs/project/html/doc<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; 
apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t .<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; system_u:object_r:public_content_rw_t 
..<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t app<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; 
apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t auth<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
bin<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t config<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
DOCS<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t fckeditor<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
files<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t header<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
include<BR>-rwxrwx--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t index.php<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
javascript<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t lang<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; 
apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
modules<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t scripts<BR>drwsrws--x&nbsp; 
apache&nbsp;&nbsp; apache&nbsp;&nbsp; user_u:object_r:public_content_rw_t 
themes<BR>drwsrws--x&nbsp; apache&nbsp;&nbsp; apache&nbsp;&nbsp; 
user_u:object_r:public_content_rw_t webdav<BR></DIV></SPAN></FONT>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>It also seems that 
docmgr is calling clamscan on a temp file found in /tmp.&nbsp; But I haven't 
been able to confirm the context of the target file as yet.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=275144812-03052006></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><SPAN 
class=275144812-03052006>Thanks,</SPAN></FONT></DIV><!-- Converted from text/rtf format -->
<P align=left><SPAN lang=en-au><FONT face=Arial size=2>Robert 
Foster</FONT></SPAN> </P></BODY></HTML>