On 08/22/2010 08:24 PM, Arthur Dent wrote:
OK - I have removed the module. As each new denial comes in I will post
the AVCs here. In the meantime I have included (at the bottom of this
mail) the AVCs that led to the creation of this module.
I would rather we start all over, because I believe some of the AVC
denials below don't make sense.
Which version of policy are you using?
Raw AVCs posted below. If I can, I would prefer to avoid semodule -DB -
at least until there's no alternative. The last time I did this I was
swamped with messages...
You can. We're starting over.
Thanks for your help so far...
OLD Raw AVCs:
=============
(Note: I have not attempted to remove duplicates in case they may not
actually be duplicates...)
# grep clam /var/log/audit/audit.log
type=AVC msg=audit(1281549967.522:25603): avc: denied { write } for pid=7413
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549967.522:25603): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bf9c19b0 a2=3 a3=0 items=0 ppid=7409 pid=7413 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549967.553:25604): avc: denied { write } for pid=7419
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549967.553:25604): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfe176c0 a2=3 a3=1 items=0 ppid=7409 pid=7419 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549968.933:25605): avc: denied { write } for pid=7433
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549968.933:25605): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bf9f7d60 a2=3 a3=0 items=0 ppid=7429 pid=7433 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549968.944:25606): avc: denied { write } for pid=7437
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549968.944:25606): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfef94f0 a2=3 a3=1 items=0 ppid=7429 pid=7437 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549972.233:25607): avc: denied { write } for pid=7457
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549972.233:25607): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bffd3850 a2=3 a3=0 items=0 ppid=7453 pid=7457 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549972.245:25608): avc: denied { write } for pid=7461
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549972.245:25608): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfbd0860 a2=3 a3=1 items=0 ppid=7453 pid=7461 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549974.951:25609): avc: denied { write } for pid=7480
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549974.951:25609): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfdd9980 a2=3 a3=0 items=0 ppid=7476 pid=7480 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549974.962:25610): avc: denied { write } for pid=7484
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549974.962:25610): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bf9009f0 a2=3 a3=1 items=0 ppid=7476 pid=7484 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549979.649:25611): avc: denied { write } for pid=7503
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549979.649:25611): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfa76ac0 a2=3 a3=0 items=0 ppid=7499 pid=7503 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549979.684:25612): avc: denied { write } for pid=7509
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549979.684:25612): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfee7530 a2=3 a3=1 items=0 ppid=7499 pid=7509 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549989.907:25613): avc: denied { write } for pid=7547
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549989.907:25613): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bff2eae0 a2=3 a3=0 items=0 ppid=7543 pid=7547 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549989.918:25614): avc: denied { write } for pid=7552
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549989.918:25614): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bff8b3b0 a2=3 a3=1 items=0 ppid=7543 pid=7552 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549992.167:25615): avc: denied { write } for pid=7569
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549992.167:25615): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfb02b50 a2=3 a3=0 items=0 ppid=7565 pid=7569 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549992.178:25616): avc: denied { write } for pid=7573
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549992.178:25616): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bf8de0a0 a2=3 a3=1 items=0 ppid=7565 pid=7573 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549995.114:25617): avc: denied { write } for pid=7593
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549995.114:25617): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfea68f0 a2=3 a3=0 items=0 ppid=7589 pid=7593 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549995.129:25618): avc: denied { write } for pid=7598
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549995.129:25618): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bffb0530 a2=3 a3=1 items=0 ppid=7589 pid=7598 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549997.583:25619): avc: denied { write } for pid=7617
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549997.583:25619): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfdedaa0 a2=3 a3=0 items=0 ppid=7613 pid=7617 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549997.594:25620): avc: denied { write } for pid=7621
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549997.594:25620): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfb8fcc0 a2=3 a3=1 items=0 ppid=7613 pid=7621 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549998.782:25621): avc: denied { write } for pid=7637
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549998.782:25621): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bffd7cc0 a2=3 a3=0 items=0 ppid=7633 pid=7637 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281549998.795:25622): avc: denied { write } for pid=7641
comm="clamdscan" name="clamd.sock" dev=sda6 ino=269301
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281549998.795:25622): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfa4cfd0 a2=3 a3=1 items=0 ppid=7633 pid=7641 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553746.456:28957): avc: denied { write } for pid=1875
comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281553746.456:28957): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfd26f70 a2=3 a3=0 items=0 ppid=1871 pid=1875 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553746.467:28958): avc: denied { write } for pid=1879
comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281553746.467:28958): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bffec380 a2=3 a3=1 items=0 ppid=1871 pid=1879 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553747.846:28959): avc: denied { write } for pid=1891
comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281553747.846:28959): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfc59ac0 a2=3 a3=0 items=0 ppid=1887 pid=1891 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281553747.853:28960): avc: denied { write } for pid=1895
comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281553747.853:28960): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfd65ef0 a2=3 a3=1 items=0 ppid=1887 pid=1895 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281556447.007:29081): avc: denied { write } for pid=2066
comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281556447.007:29081): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfe8c5f0 a2=3 a3=0 items=0 ppid=2062 pid=2066 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281556447.066:29082): avc: denied { write } for pid=2072
comm="clamdscan" name="clamd.sock" dev=sda6 ino=265935
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0
tclass=sock_file
Somehow you were running clamd in the init script domain rather than in
the clamd domain. This caused clamd to create its socket with the wrong
type (var_run_t in the denials above), so clamdscan, which by the way
also seems to be running in the wrong domain (procmail_t), was denied
access to the mislabelled sock file.
type=SYSCALL msg=audit(1281556447.066:29082): arch=40000003
syscall=102 success=no exit=-13 a0=3 a1=bf95f8f0 a2=3 a3=1 items=0 ppid=2062 pid=2072
auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none)
ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281560962.921:29306): avc: denied { connectto } for pid=2813
comm="clamdscan" path="/var/run/clamd/clamd.sock"
scontext=system_u:system_r:procmail_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281560962.921:29306): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfe09950 a2=3 a3=0 items=0 ppid=2809 pid=2813 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281560962.956:29307): avc: denied { connectto } for pid=2819
comm="clamdscan" path="/var/run/clamd/clamd.sock"
scontext=system_u:system_r:procmail_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1281560962.956:29307): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfa97fd0 a2=3 a3=1 items=0 ppid=2809 pid=2819 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281708366.973:25738): avc: denied { connectto } for pid=4423
comm="clamdscan" path="/var/run/clamd/clamd.sock"
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=SYSCALL msg=audit(1281708366.973:25738): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfa9ce30 a2=3 a3=0 items=0 ppid=4419 pid=4423 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281708367.002:25739): avc: denied { connectto } for pid=4427
comm="clamdscan" path="/var/run/clamd/clamd.sock"
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=SYSCALL msg=audit(1281708367.002:25739): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bf91cf30 a2=3 a3=1 items=0 ppid=4419 pid=4427 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281709806.425:25816): avc: denied { connectto } for pid=4791
comm="clamdscan" path="/var/run/clamd/clamd.sock"
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=SYSCALL msg=audit(1281709806.425:25816): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bf933ba0 a2=3 a3=0 items=0 ppid=4787 pid=4791 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281709806.479:25817): avc: denied { connectto } for pid=4797
comm="clamdscan" path="/var/run/clamd/clamd.sock"
scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:initrc_t:s0
tclass=unix_stream_socket
type=SYSCALL msg=audit(1281709806.479:25817): arch=40000003 syscall=102 success=no
exit=-13 a0=3 a1=bfdc0d20 a2=3 a3=1 items=0 ppid=4787 pid=4797 auid=4294967295 uid=0
gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
This is clamdscan trying to stream-connect to clamd, which is running in
the wrong domain (the init rc script domain, initrc_t).
My first guess is that you have mislabeled files. Try relabeling your
file system and then try again from scratch. If you still get any AVC
denials after that, please send them here.
type=AVC msg=audit(1281822126.149:31680): avc: denied { write } for
pid=7792 comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281822126.149:31680): arch=40000003 syscall=102 success=yes
exit=0 a0=3 a1=bfc60bb0 a2=3 a3=0 items=0 ppid=7788 pid=7792 auid=4294967295 uid=0 gid=12
euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281823207.443:31735): avc: denied { write } for pid=7961
comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281823207.443:31735): arch=40000003 syscall=102 success=yes
exit=0 a0=3 a1=bfd83ea0 a2=3 a3=0 items=0 ppid=7957 pid=7961 auid=4294967295 uid=0 gid=12
euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281825185.251:31827): avc: denied { write } for pid=8786
comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281825185.251:31827): arch=40000003 syscall=102 success=yes
exit=0 a0=3 a1=bfc7a9e0 a2=3 a3=0 items=0 ppid=8782 pid=8786 auid=4294967295 uid=0 gid=12
euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1281826265.840:31876): avc: denied { write } for pid=8910
comm="clamdscan" name="clamd.sock" dev=sda6 ino=263415
scontext=system_u:system_r:procmail_t:s0 tcontext=unconfined_u:object_r:clamd_var_run_t:s0
tclass=sock_file
type=SYSCALL msg=audit(1281826265.840:31876): arch=40000003 syscall=102 success=yes
exit=0 a0=3 a1=bfe511a0 a2=3 a3=0 items=0 ppid=8906 pid=8910 auid=4294967295 uid=0 gid=12
euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295
comm="clamdscan" exe="/usr/local/bin/clamdscan"
subj=system_u:system_r:procmail_t:s0 key=(null)