[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Problems with clamav and httpd



Hi all,
Been playing with docmgr (http://docmgr.sourceforge.net) and discovered that when uploading a file, it fails because clamav can't scan the uploaded content.  Audit log contains the following relevant lines:
 
type=AVC msg=audit(1146659861.108:221013): avc:  denied  { read } for  pid=15887 comm="clamscan" name="clamav" dev=dm-3 ino=2593916 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1146659861.108:221013): arch=40000003 syscall=5 success=no exit=-13 a0=9de85b8 a1=18800 a2=26f120 a3=9de8008 items=1 pid=15887 auid=1000 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="clamscan" exe="/usr/bin/clamscan"
type=CWD msg=audit(1146659861.108:221013):  cwd="/MV/webs/project/html/doc"
type=PATH msg=audit(1146659861.108:221013): item=0 name="/var/lib/clamav" flags=103  inode=2593916 dev=fd:03 mode=040755 ouid=100 ogid=101 rdev=00:00
I've also setsebool -P on allow_execstack and allow_httpd_anon_write amongst others, and the relevant directories have the following context to allow httpd and samba to play nice together:
 
user_u:object_r:public_content_rw_t
 
Anyone able to shed some light on this?
 
Other (maybe) relevant info:
# ls -alZ /var/lib/clamav/
drwxr-xr-x  clamav   clamav   system_u:object_r:var_lib_t      .
drwxr-xr-x  root     root     system_u:object_r:var_lib_t      ..
-rw-r--r--  clamav   clamav   user_u:object_r:var_lib_t        daily.cvd
-rw-r--r--  clamav   clamav   user_u:object_r:var_lib_t        daily.cvd.rpmsave
drwx------  clamav   clamav   system_u:object_r:var_lib_t      Maildir
-rw-r--r--  clamav   clamav   system_u:object_r:var_lib_t      main.cvd
-rw-r--r--  clamav   clamav   user_u:object_r:var_lib_t        main.cvd.rpmsave
# ls -alZ /MV/webs/project/html/doc
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t .
drwsrws--x  apache   apache   system_u:object_r:public_content_rw_t ..
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t app
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t auth
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t bin
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t config
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t DOCS
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t fckeditor
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t files
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t header
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t include
-rwxrwx--x  apache   apache   user_u:object_r:public_content_rw_t index.php
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t _javascript_
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t lang
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t modules
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t scripts
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t themes
drwsrws--x  apache   apache   user_u:object_r:public_content_rw_t webdav
It also seems that docmgr is calling clamscan on a temp file found in /tmp.  But I haven't been able to confirm the context of the target file as yet.
 
Thanks,

Robert Foster


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]