<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.5346.5" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=275144812-03052006><FONT face=Arial size=2>Hi
all,</FONT></SPAN></DIV>
<DIV><SPAN class=275144812-03052006><FONT face=Arial size=2>Been playing with
docmgr (<A
href="http://docmgr.sourceforge.net">http://docmgr.sourceforge.net</A>) and
discovered that when uploading a file, it fails because clamav can't scan the
uploaded content. Audit log contains the following relevant
lines:</FONT></SPAN></DIV>
<DIV><SPAN class=275144812-03052006><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=275144812-03052006><FONT face=Arial size=2>type=AVC
msg=audit(1146659861.108:221013): avc: denied { read } for
pid=15887 comm="clamscan" name="clamav" dev=dm-3 ino=2593916
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir<BR>type=SYSCALL
msg=audit(1146659861.108:221013): arch=40000003 syscall=5 success=no exit=-13
a0=9de85b8 a1=18800 a2=26f120 a3=9de8008 items=1 pid=15887 auid=1000 uid=48
gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="clamscan"
exe="/usr/bin/clamscan"<BR>type=CWD msg=audit(1146659861.108:221013):
cwd="/MV/webs/project/html/doc"<BR>type=PATH msg=audit(1146659861.108:221013):
item=0 name="/var/lib/clamav" flags=103 inode=2593916 dev=fd:03
mode=040755 ouid=100 ogid=101 rdev=00:00<BR></FONT></SPAN></DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>I've also setsebool
-P on allow_execstack and allow_httpd_anon_write amongst others, and the
relevant directories have the following context to allow httpd and samba to play
nice together:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=275144812-03052006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=275144812-03052006>user_u:object_r:public_content_rw_t</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=275144812-03052006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>Anyone able to shed
some light on this?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=275144812-03052006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>Other (maybe)
relevant info:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006># ls -alZ
/var/lib/clamav/<BR>drwxr-xr-x clamav clamav
system_u:object_r:var_lib_t .<BR>drwxr-xr-x
root root
system_u:object_r:var_lib_t ..<BR>-rw-r--r--
clamav clamav
user_u:object_r:var_lib_t
daily.cvd<BR>-rw-r--r-- clamav clamav
user_u:object_r:var_lib_t
daily.cvd.rpmsave<BR>drwx------ clamav clamav
system_u:object_r:var_lib_t
Maildir<BR>-rw-r--r-- clamav clamav
system_u:object_r:var_lib_t
main.cvd<BR>-rw-r--r-- clamav clamav
user_u:object_r:var_lib_t
main.cvd.rpmsave<BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006># ls -alZ
/MV/webs/project/html/doc<BR>drwsrws--x apache
apache user_u:object_r:public_content_rw_t .<BR>drwsrws--x
apache apache system_u:object_r:public_content_rw_t
..<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t app<BR>drwsrws--x apache
apache user_u:object_r:public_content_rw_t auth<BR>drwsrws--x
apache apache user_u:object_r:public_content_rw_t
bin<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t config<BR>drwsrws--x
apache apache user_u:object_r:public_content_rw_t
DOCS<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t fckeditor<BR>drwsrws--x
apache apache user_u:object_r:public_content_rw_t
files<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t header<BR>drwsrws--x
apache apache user_u:object_r:public_content_rw_t
include<BR>-rwxrwx--x apache apache
user_u:object_r:public_content_rw_t index.php<BR>drwsrws--x
apache apache user_u:object_r:public_content_rw_t
javascript<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t lang<BR>drwsrws--x apache
apache user_u:object_r:public_content_rw_t
modules<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t scripts<BR>drwsrws--x
apache apache user_u:object_r:public_content_rw_t
themes<BR>drwsrws--x apache apache
user_u:object_r:public_content_rw_t webdav<BR></DIV></SPAN></FONT>
<DIV><FONT face=Arial size=2><SPAN class=275144812-03052006>It also seems that
docmgr is calling clamscan on a temp file found in /tmp. But I haven't
been able to confirm the context of the target file as yet.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=275144812-03052006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=275144812-03052006>Thanks,</SPAN></FONT></DIV><!-- Converted from text/rtf format -->
<P align=left><SPAN lang=en-au><FONT face=Arial size=2>Robert
Foster</FONT></SPAN> </P></BODY></HTML>