Just in the past few days I've received seven of this AVC complaint, and
I haven't seen any of this complaint before that. On 11 July, I updated
selinux to 3.6.12-62.fc11. I currently have clamav-0.95.1-2.fc11.i586,
installed on 1 July. I am not aware of anything that changed on or just
before the 17th. Any ideas?
Here's the sealert:
Thanks
Eddie
Summary:
SELinux is preventing clamd.scan (system_cronjob_t) "write" crond_t.
Detailed Description:
SELinux denied access requested by clamd.scan. It is not expected that this
access is required by clamd.scan and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:system_cronjob_t:s0
Target Context system_u:system_r:crond_t:s0-s0:c0.c1023
Target Objects pipe [ fifo_file ]
Source clamd.scan
Source Path /bin/bash
Port <Unknown>
Host kilroy.chi.il.us
Source RPM Packages bash-4.0-6.fc11
Target RPM Packages
Policy RPM selinux-policy-3.6.12-62.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name kilroy.chi.il.us
Platform Linux kilroy.chi.il.us 2.6.29.5-191.fc11.i686.PAE #1 SMP Tue Jun 16 23:19:53 EDT 2009 i686 i686
Alert Count 7
First Seen Fri Jul 17 10:36:13 2009
Last Seen Mon Jul 20 16:36:12 2009
Local ID 39c625f5-4b31-49f2-bb14-57835e8afc61
Line Numbers
Raw Audit Messages
node=kilroy.chi.il.us type=AVC msg=audit(1248125772.619:80082): avc: denied { write } for pid=3642 comm="clamd.scan" path="pipe:[8230868]" dev=pipefs ino=8230868 scontext=system_u:system_r:system_cronjob_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=fifo_file
node=kilroy.chi.il.us type=SYSCALL msg=audit(1248125772.619:80082): arch=40000003 syscall=11 success=yes exit=0 a0=9ef08f0 a1=9ef0910 a2=9eeecb8 a3=9ef0910 items=0 ppid=509 pid=3642 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2000 comm="clamd.scan" exe="/bin/bash" subj=system_u:system_r:system_cronjob_t:s0 key=(null)