[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Problems with clamav and httpd
- From: "Robert Foster" <rfoster mountainvisions com au>
- To: <fedora-selinux-list redhat com>
- Subject: Problems with clamav and httpd
- Date: Wed, 3 May 2006 23:03:06 +1000
Hi
all,
Been playing with
docmgr (http://docmgr.sourceforge.net) and
discovered that when uploading a file, it fails because clamav can't scan the
uploaded content. Audit log contains the following relevant
lines:
type=AVC
msg=audit(1146659861.108:221013): avc: denied { read } for
pid=15887 comm="clamscan" name="clamav" dev=dm-3 ino=2593916
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL
msg=audit(1146659861.108:221013): arch=40000003 syscall=5 success=no exit=-13
a0=9de85b8 a1=18800 a2=26f120 a3=9de8008 items=1 pid=15887 auid=1000 uid=48
gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="clamscan"
exe="/usr/bin/clamscan"
type=CWD msg=audit(1146659861.108:221013):
cwd="/MV/webs/project/html/doc"
type=PATH msg=audit(1146659861.108:221013):
item=0 name="/var/lib/clamav" flags=103 inode=2593916 dev=fd:03
mode=040755 ouid=100 ogid=101 rdev=00:00
I've also setsebool
-P on allow_execstack and allow_httpd_anon_write amongst others, and the
relevant directories have the following context to allow httpd and samba to play
nice together:
user_u:object_r:public_content_rw_t
Anyone able to shed
some light on this?
Other (maybe)
relevant info:
# ls -alZ
/var/lib/clamav/
drwxr-xr-x clamav clamav
system_u:object_r:var_lib_t .
drwxr-xr-x
root root
system_u:object_r:var_lib_t ..
-rw-r--r--
clamav clamav
user_u:object_r:var_lib_t
daily.cvd
-rw-r--r-- clamav clamav
user_u:object_r:var_lib_t
daily.cvd.rpmsave
drwx------ clamav clamav
system_u:object_r:var_lib_t
Maildir
-rw-r--r-- clamav clamav
system_u:object_r:var_lib_t
main.cvd
-rw-r--r-- clamav clamav
user_u:object_r:var_lib_t
main.cvd.rpmsave
# ls -alZ
/MV/webs/project/html/doc
drwsrws--x apache
apache user_u:object_r:public_content_rw_t .
drwsrws--x
apache apache system_u:object_r:public_content_rw_t
..
drwsrws--x apache apache
user_u:object_r:public_content_rw_t app
drwsrws--x apache
apache user_u:object_r:public_content_rw_t auth
drwsrws--x
apache apache user_u:object_r:public_content_rw_t
bin
drwsrws--x apache apache
user_u:object_r:public_content_rw_t config
drwsrws--x
apache apache user_u:object_r:public_content_rw_t
DOCS
drwsrws--x apache apache
user_u:object_r:public_content_rw_t fckeditor
drwsrws--x
apache apache user_u:object_r:public_content_rw_t
files
drwsrws--x apache apache
user_u:object_r:public_content_rw_t header
drwsrws--x
apache apache user_u:object_r:public_content_rw_t
include
-rwxrwx--x apache apache
user_u:object_r:public_content_rw_t index.php
drwsrws--x
apache apache user_u:object_r:public_content_rw_t
_javascript_
drwsrws--x apache apache
user_u:object_r:public_content_rw_t lang
drwsrws--x apache
apache user_u:object_r:public_content_rw_t
modules
drwsrws--x apache apache
user_u:object_r:public_content_rw_t scripts
drwsrws--x
apache apache user_u:object_r:public_content_rw_t
themes
drwsrws--x apache apache
user_u:object_r:public_content_rw_t webdav
It also seems that
docmgr is calling clamscan on a temp file found in /tmp. But I haven't
been able to confirm the context of the target file as yet.
Thanks,
Robert
Foster
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]