Problems with clamav and httpd

Robert Foster rfoster at mountainvisions.com.au
Wed May 3 13:03:06 UTC 2006 

Hi all,
Been playing with docmgr (http://docmgr.sourceforge.net) and discovered that
when uploading a file, it fails because clamav can't scan the uploaded
content.  Audit log contains the following relevant lines:
 
type=AVC msg=audit(1146659861.108:221013): avc:  denied  { read } for
pid=15887 comm="clamscan" name="clamav" dev=dm-3 ino=2593916
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1146659861.108:221013): arch=40000003 syscall=5
success=no exit=-13 a0=9de85b8 a1=18800 a2=26f120 a3=9de8008 items=1
pid=15887 auid=1000 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 comm="clamscan" exe="/usr/bin/clamscan"
type=CWD msg=audit(1146659861.108:221013):  cwd="/MV/webs/project/html/doc"
type=PATH msg=audit(1146659861.108:221013): item=0 name="/var/lib/clamav"
flags=103  inode=2593916 dev=fd:03 mode=040755 ouid=100 ogid=101 rdev=00:00

I've also setsebool -P on allow_execstack and allow_httpd_anon_write amongst
others, and the relevant directories have the following context to allow
httpd and samba to play nice together:
 
user_u:object_r:public_content_rw_t
 
Anyone able to shed some light on this?
 
Other (maybe) relevant info:
# ls -alZ /var/lib/clamav/
drwxr-xr-x  clamav   clamav   system_u:object_r:var_lib_t      .
drwxr-xr-x  root     root     system_u:object_r:var_lib_t      ..
-rw-r--r--  clamav   clamav   user_u:object_r:var_lib_t        daily.cvd
-rw-r--r--  clamav   clamav   user_u:object_r:var_lib_t
daily.cvd.rpmsave
drwx------  clamav   clamav   system_u:object_r:var_lib_t      Maildir
-rw-r--r--  clamav   clamav   system_u:object_r:var_lib_t      main.cvd
-rw-r--r--  clamav   clamav   user_u:object_r:var_lib_t
main.cvd.rpmsave

# ls -alZ /MV/webs/project/html/doc
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t .
drwsrws--x  apache   apache   system_u:object_r:public_content_rw_t ..
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t app
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t auth
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t bin
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t config
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t DOCS
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t fckeditor
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t files
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t header
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t include
-rwxrwx--x  apache   apache   user_u:object_r:public_content_rw_t index.php
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t javascript
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t lang
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t modules
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t scripts
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t themes
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t webdav

It also seems that docmgr is calling clamscan on a temp file found in /tmp.
But I haven't been able to confirm the context of the target file as yet.
 
Thanks,

Robert Foster 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060503/ac54104e/attachment.html

More information about the selinux mailing list