On 07/07/2013, at 3:47 AM, "Frank Murphy" <frankly3d(a)gmail.com> wrote:
On Sat, 6 Jul 2013 22:24:35 +1000
Douglas Brown <d46.brown(a)student.qut.edu.au> wrote:
> Try this:
>
> First run: semanage dontaudit off
>
> Which will disable any 'dontaudit' rules.
>
> Rerun clam.
>
> Then: grep clam /var/log/audit/audit.log | audit2why
>
> semanage dontaudit on
>
> This *may* give you somewhere to start.
>
> Cheers,
> Doug
This came back will try it:
grep clam /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1373130883.401:2868): avc: denied { execmem }
for pid=1144 comm="clamd" scontext=system_u:system_r:antivirus_t:s0
tcontext=system_u:system_r:antivirus_t:s0 tclass=process
Was caused by:
The boolean antivirus_use_jit was set incorrectly.
Description:
Determine whether can antivirus programs use JIT compiler.
Allow access by executing:
# setsebool -P antivirus_use_jit 1
Could you please also check the boolean is referenced using 'antivirus...' instead
of 'clamav...' in the applicable man pages with apropos, then submit a bug
report?
Cheers,
Doug