On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote:
Summary:
SELinux is preventing clamd (clamd_t) "read" to ./daily.cld (var_t).
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]
SELinux denied access requested by clamd. It is not expected that this access is required by clamd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./daily.cld,
restorecon -v './daily.cld'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context        system_u:system_r:clamd_t:s0
Target Context        system_u:object_r:var_t:s0
Target Objects        ./daily.cld [ file ]
Source                clamd
Source Path           /usr/sbin/clamd
Port                  <Unknown>
Host                  <Unknown>
Source RPM Packages   clamd-0.93.3-1.el5.rf
Target RPM Packages
Policy RPM            selinux-policy-2.4.6-137.1.el5
Selinux Enabled       True
Policy Type           targeted
MLS Enabled           True
Enforcing Mode        Permissive
Plugin Name           catchall_file
Host Name             mail.alltechmedicalsystemsamerica.com
Platform              Linux mail.alltechmedicalsystemsamerica.com 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 13:49:24 EDT 2008 i686 athlon
Alert Count           2
First Seen            Fri Jul 25 14:44:44 2008
Last Seen             Fri Jul 25 15:38:04 2008
Local ID              c0eb4a2f-6b73-4632-8f93-ca7dc67bb0f2
Line Numbers          11, 12, 102, 103
Raw Audit Messages
type=AVC msg=audit(1217014684.863:88): avc: denied { read } for pid=2027 comm="clamd" name="daily.cld" dev=md0 ino=980633 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1217014684.863:88): arch=40000003 syscall=33 success=yes exit=0 a0=b156a88 a1=4 a2=3e1e20 a3=b156a88 items=0 ppid=1 pid=2027 auid=4294967295 uid=101 gid=203 euid=101 suid=101 fsuid=101 egid=203 sgid=203 fsgid=203 tty=(none) ses=4294967295 comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
---- you definitely want to run...
restorecon -v './var/clamav/daily.cld'

or something like...

chcon -t system_u:system_r:clamd_t:s0 /var/clamav/daily.cld
Craig
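
An added example, not part of the original thread: a Python sketch that parses the raw AVC record quoted above into its source and target context fields and flags denials whose target carries a catch-all type such as var_t, which usually points to a labeling problem rather than missing policy. The GENERIC_TYPES set and the triage labels are assumptions made for illustration.

```python
import re

# Constructed sample: the AVC record quoted in the message above.
SAMPLE_AVC = (
    'type=AVC msg=audit(1217014684.863:88): avc: denied { read } for pid=2027 '
    'comm="clamd" name="daily.cld" dev=md0 ino=980633 '
    'scontext=system_u:system_r:clamd_t:s0 '
    'tcontext=system_u:object_r:var_t:s0 tclass=file'
)

# Assumption: catch-all types a file ends up with when no file-context rule
# matches its path; a denial against one of these suggests mislabeling.
GENERIC_TYPES = {"var_t", "default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; an MLS/MCS level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "level": parts[3] if len(parts) == 4 else None}


def parse_avc(line):
    """Return the decoded AVC record, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "comm": fields.get("comm"),
        "tclass": fields.get("tclass"),
        "source": split_context(fields["scontext"]),
        "target": split_context(fields["tcontext"]),
    }


def triage(avc):
    """'relabel' when the target type is a catch-all, else 'review-policy'."""
    return "relabel" if avc["target"]["type"] in GENERIC_TYPES else "review-policy"
```

For the record in this thread the parser yields source type clamd_t, target type var_t, class file and permission read, and triage returns "relabel".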