SOLVED: error ClamAV daemon
Peter Lesterhuis
peterlesterhuis at tiscali.nl
Wed Jun 14 22:22:24 UTC 2006
>
> OK, I could load the module now.
> > The output of # semodule -l is:
> > # semodule -l
> > amavis 1.0.4
> > clamav 1.0.1
> > myclamd 0.1.0
> > myfreshclam 0.1.0
> > pyzor 1.0.1
> >
> > I ran the "restorecon"-command (first line only?)
> > After this I could start clamd also in enforced mode.
>
>
> Good.
>
>
>> > But in /var/log/audit/audit.log there still are some "avc= denied" messages.
>> >
>> > # cat audit.log
>>
>
> (snip non-AVC audit messages)
>
>
>> > type=AVC msg=audit(1150311069.037:9): avc: denied { search } for
>> > pid=2352 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0
>> > tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
>> > type=SYSCALL msg=audit(1150311069.037:9): arch=40000003 syscall=149
>> > success=no exit=-1 a0=bf8bb3c0 a1=4f32aff4 a2=4f4a1e00 a3=bf8bb3b8
>> > items=0 pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
>> > egid=0 sgid=0 fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
>>
>
> Reading kernel sysctl (not sure what for)
>
>
>> > type=AVC msg=audit(1150311069.037:10): avc: denied { search } for
>> > pid=2352 comm="freshclam" name="/" dev=proc ino=1
>> > scontext=system_u:system_r:freshclam_t:s0
>> > tcontext=system_u:object_r:proc_t:s0 tclass=dir
>> > type=SYSCALL msg=audit(1150311069.037:10): arch=40000003 syscall=5
>> > success=no exit=-13 a0=4f49e020 a1=0 a2=bf8bb420 a3=b7f9f6bc items=1
>> > pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>> > fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
>> > type=CWD msg=audit(1150311069.037:10): cwd="/"
>> > type=PATH msg=audit(1150311069.037:10): item=0
>> > name="/proc/sys/kernel/version" flags=101
>>
>
> Trying to read /proc/sys/kernel/version
>
>
>> > type=AVC msg=audit(1150311069.037:11): avc: denied { read } for
>> > pid=2352 comm="freshclam" name="freshclam.conf" dev=dm-0 ino=2736205
>> > scontext=system_u:system_r:freshclam_t:s0
>> > tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
>> > type=SYSCALL msg=audit(1150311069.037:11): arch=40000003 syscall=5
>> > success=no exit=-13 a0=804f7a1 a1=0 a2=1b6 a3=9796090 items=1 pid=2352
>> > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> > comm="freshclam" exe="/usr/bin/freshclam"
>> > type=CWD msg=audit(1150311069.037:11): cwd="/"
>> > type=PATH msg=audit(1150311069.037:11): item=0
>> > name="/etc/freshclam.conf" flags=101 inode=2736205 dev=fd:00
>> > mode=0100640 ouid=0 ogid=0 rdev=00:00
>>
>
> This looks like a labelling issue. Can you post the output of:
>
> # ls -lZ /etc/freshclam.conf
> # restorecon -v /etc/freshclam.conf
>
> Which packages are you using for clamav? I see nothing in the Extras
> version that might result in this.
>
>
>> > type=AVC msg=audit(1150311069.037:12): avc: denied { search } for
>> > pid=2352 comm="freshclam" name="/" dev=proc ino=1
>> > scontext=system_u:system_r:freshclam_t:s0
>> > tcontext=system_u:object_r:proc_t:s0 tclass=dir
>> > type=SYSCALL msg=audit(1150311069.037:12): arch=40000003 syscall=5
>> > success=no exit=-13 a0=4f315039 a1=0 a2=4f32aff4 a3=9796608 items=1
>> > pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
>> > fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
>> > type=CWD msg=audit(1150311069.037:12): cwd="/"
>> > type=PATH msg=audit(1150311069.037:12): item=0
>> > name="/proc/sys/kernel/ngroups_max" flags=101
>>
>
> Trying to read /proc/sys/kernel/ngroups_max
>
> All the remaining audit messages are not SELinux-related.
>
> Can you let me know if freshclam works OK in enforcing mode after doing
> the "restorecon" above please (also look for any more AVC messages).
>
# ls -lZ /etc/freshclam.conf
-rw-r----- root root user_u:object_r:rpm_script_tmp_t /etc/freshclam.conf
# restorecon -v /etc/freshclam.conf
restorecon reset /etc/freshclam.conf context
user_u:object_r:rpm_script_tmp_t->system_u:object_r:etc_t
I am using the clamav-package from crash-hat:
rpm -qi clamav
Name : clamav Relocations: (not relocatable)
Version : 0.88.2 Vendor: B.O.F.H. Corp.
Release : 1 Build Date: Sun 30 Apr 2006
18:22:02 CEST
Install Date: Tue 09 May 2006 17:37:55 CEST Build Host: mr.kristof.cz
Group : System Environment/Daemons Source RPM:
clamav-0.88.2-1.src.rpm
Size : 2532231 License: GPL
Signature : DSA/SHA1, Sun 30 Apr 2006 18:23:38 CEST, Key ID
707526816cdf2cc1
Packager : Petr at Kristof.CZ
URL : http://www.clamav.net/
Summary : Clamav - an antivirus toolkit for Unix
Description :
...
Freshclam works all right.
There are no new AVC messages.
Peter.
More information about the fedora-list
mailing list