I would start by trying something like
chcon -t bin_t *`which squidclamav`
Btw where does squidclamav reside?
*
Could someone please help me with the following errors:
*audit(1129788324.500:0): avc: denied { execute } for pid=3105
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.501:0): avc: denied { execute } for pid=3106
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.507:0): avc: denied { execute } for pid=3107
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.510:0): avc: denied { execute } for pid=3108
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.514:0): avc: denied { execute } for pid=3109
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.517:0): avc: denied { execute } for pid=3110
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.521:0): avc: denied { execute } for pid=3111
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.522:0): avc: denied { execute } for pid=3112
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.528:0): avc: denied { execute } for pid=3113
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file
audit(1129788324.529:0): avc: denied { execute } for pid=3114
exe=/usr/sbin/squid name=squidclamav dev=hda8 ino=185872
scontext=user_u:system_r:squid_t t
context=root:object_r:usr_t tclass=file*
These errors are from dmesg, and occured after compiling and
installing squidclam from source.
Here is the output of selinuxconf:
[*root@shiva jay]# selinuxconfig
selinux state="enforcing"
policypath="/etc/selinux/targeted"
default_type_path="/etc/selinux/targeted/contexts/default_type"
default_context_path="/etc/selinux/targeted/contexts/default_contexts"
default_failsafe_context_path="/etc/selinux/targeted/contexts/failsafe_context"
binary_policy_path="/etc/selinux/targeted/policy/policy"
user_contexts_path="/etc/selinux/targeted/contexts/users/"
contexts_path="/etc/selinux/targeted/contexts"*
Output of uname -a:
*[root@shiva jay]# uname -a
Linux shiva 2.6.9-1.667smp #1 SMP Tue Nov 2 14:59:52 EST 2004 i686
i686 i386 GNU/Linux*
Any help would be greatly appreciated.
God bless.
fedora-selinux-list-request(a)redhat.com wrote:
> Send fedora-selinux-list mailing list submissions to
> fedora-selinux-list(a)redhat.com
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> or, via email, send a message with subject or body 'help' to
> fedora-selinux-list-request(a)redhat.com
>
> You can reach the person managing the list at
> fedora-selinux-list-owner(a)redhat.com
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of fedora-selinux-list digest..."
>
>
> Today's Topics:
>
> 1. Re: mailman cgi-bin denied search (Tim Fenn)
> 2. Preserving Context with tar (W. Scott wilburn)
> 3. Re: mailman cgi-bin denied search (Daniel J Walsh)
> 4. Re: Preserving Context with tar (Daniel J Walsh)
> 5. Re: mailman cgi-bin denied search (Tim Fenn)
> 6. Re: Preserving Context with tar (Stephen Smalley)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 19 Oct 2005 13:49:47 -0700
> From: Tim Fenn <fenn(a)stanford.edu>
> Subject: Re: mailman cgi-bin denied search
> To: Daniel J Walsh <dwalsh(a)redhat.com>
> Cc: fedora-selinux-list(a)redhat.com
> Message-ID: <20051019204947.GC6466(a)stanford.edu>
> Content-Type: text/plain; charset=us-ascii
>
> On Wed, Oct 19, 2005 at 09:57:07AM -0400, Daniel J Walsh wrote:
>
>> Tim Fenn wrote:
>>
>>> I recently installed mailman on my FC3 box (using the redhat based
>>> RPMs), and it seems to be working just fine, except for the numerous
>>> avc messages it cranks out whenever I run one of the cgi scripts
>>> associated with mailman (e.g. via the web interface):
>>>
>>> Oct 19 00:34:21 agora kernel: audit(1129707261.236:212): avc: denied
>>> { search } for pid=18761 comm="listinfo" name="run"
dev=sda1
>>> ino=1294372 scontext=root:system_r:mailman_cgi_t tcontext=system_
>>> u:object_r:var_run_t tclass=dir
>>>
>>>
>> Why would mailman listinfo be searching /var/log directory?
>>
>>
>
> Well, I get the same errors with mailmanctl:
>
> ./mailmanctl status
>
> yields no output, and the following errors:
> Oct 19 13:22:39 agora kernel: audit(1129753359.647:314): avc: denied
> { read write } for pid=20837 comm="mailmanctl" name="3"
dev=devpts
> ino=5 scontext=root:system_r:mailman_mail_t
> tcontext=root:object_r:devpts_t tclass=chr_file
> Oct 19 13:22:39 agora kernel: audit(1129753359.694:318): avc: denied
> { search } for pid=20837 comm="mailmanctl" name="run" dev=sda1
> ino=1294372 scontext=root:system_r:mailman_mail_t
> tcontext=system_u:object_r:var_run_t tclass=dir
> Oct 19 13:22:39 agora kernel: audit(1129753359.802:322): avc: denied
> { setgid } for pid=20837 comm="mailmanctl" capability=6
> scontext=root:system_r:mailman_mail_t
> tcontext=root:system_r:mailman_mail_t tclass=capability
>
> However, if I comment out:
>
> from Mailman.Logging.Syslog import syslog
>
> in the mailmanctl script, all is well:
>
> # ./mailmanctl status
> mailman (pid 17677) is running...
>
> and no error messages. I would assume the same is true with the
> cgi-bin scripts, such as listinfo. Should I file a bugzilla report?
>
> Regards,
> Tim
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 19 Oct 2005 15:56:06 -0600
> From: "W. Scott wilburn" <wilburn(a)lanl.gov>
> Subject: Preserving Context with tar
> To: fedora-selinux-list(a)redhat.com
> Message-ID: <20051019215606.GE4717(a)wilburn.lanl.gov>
> Content-Type: text/plain; charset=us-ascii
>
> Sorry to be asking such a simple question. Is it possible to preserve
> file contexts using tar? I would have thought -p would do this, but
> it appears no, atleast on RHEL4 and FC4.
>
> The reason to do this is a use tar to install modified config files on
> new machines. Having to relabel after doing this is somewhat slow.
> Perhaps there is a better solution?
>
> Thanks,
> Scott Wilburn
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 19 Oct 2005 22:31:36 -0400
> From: Daniel J Walsh <dwalsh(a)redhat.com>
> Subject: Re: mailman cgi-bin denied search
> To: Daniel J Walsh <dwalsh(a)redhat.com>, fedora-selinux-list(a)redhat.com
> Message-ID: <43570188.5060201(a)redhat.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Tim Fenn wrote:
>
>> On Wed, Oct 19, 2005 at 09:57:07AM -0400, Daniel J Walsh wrote:
>>
>>
>>> Tim Fenn wrote:
>>>
>>>
>>>> I recently installed mailman on my FC3 box (using the redhat based
>>>> RPMs), and it seems to be working just fine, except for the numerous
>>>> avc messages it cranks out whenever I run one of the cgi scripts
>>>> associated with mailman (e.g. via the web interface):
>>>>
>>>> Oct 19 00:34:21 agora kernel: audit(1129707261.236:212): avc: denied
>>>> { search } for pid=18761 comm="listinfo" name="run"
dev=sda1
>>>> ino=1294372 scontext=root:system_r:mailman_cgi_t tcontext=system_
>>>> u:object_r:var_run_t tclass=dir
>>>>
>>>>
>>>>
>>> Why would mailman listinfo be searching /var/log directory?
>>>
>>>
>>>
>> Well, I get the same errors with mailmanctl:
>>
>> ./mailmanctl status
>>
>> yields no output, and the following errors:
>> Oct 19 13:22:39 agora kernel: audit(1129753359.647:314): avc: denied
>> { read write } for pid=20837 comm="mailmanctl" name="3"
dev=devpts
>> ino=5 scontext=root:system_r:mailman_mail_t
>> tcontext=root:object_r:devpts_t tclass=chr_file
>> Oct 19 13:22:39 agora kernel: audit(1129753359.694:318): avc: denied
>> { search } for pid=20837 comm="mailmanctl" name="run"
dev=sda1
>> ino=1294372 scontext=root:system_r:mailman_mail_t
>> tcontext=system_u:object_r:var_run_t tclass=dir
>> Oct 19 13:22:39 agora kernel: audit(1129753359.802:322): avc: denied
>> { setgid } for pid=20837 comm="mailmanctl" capability=6
>> scontext=root:system_r:mailman_mail_t
>> tcontext=root:system_r:mailman_mail_t tclass=capability
>>
>> However, if I comment out:
>>
>> from Mailman.Logging.Syslog import syslog
>>
>> in the mailmanctl script, all is well:
>>
>> # ./mailmanctl status
>> mailman (pid 17677) is running...
>>
>> and no error messages. I would assume the same is true with the
>> cgi-bin scripts, such as listinfo. Should I file a bugzilla report?
>>
>> Regards,
>> Tim
>>
>>
> Yes. submit a bug. Although generating these in FC4 would be far more
> interesting. Also do these AVC messages cause problems or are they just
> being reported. No output from the script is fixed in FC4.
>
>
>
>
--
Jayendren Anand Maduray
Microsoft Certified Professional
Network Plus
IT Administrator
Perinatal HIV Research Unit
Old Potch Road
Chris Hani Baragwanath Hospital
Soweto
South Africa
Tel: +27 11 989 9776
Tel: +27 11 989 9999
Fax: +27 11 938 3973
Cel: 082 22 774 94
Alternate email address: jayendren(a)mweb.co.za
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list