I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
usermod -a -G amavis clam service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 24.01.2013, at 19:15, Robert Moskowitz rgm@htt-consult.com wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
What are the permission for /var/spool/amavisd.
Did you try: service clam stop service clam start Instead of: restart? (it is not the same)
On 01/24/2013 02:22 PM, Rob wrote:
On 24.01.2013, at 19:15, Robert Moskowitz rgm@htt-consult.com wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
What are the permission for /var/spool/amavisd.
amavis:amavis
Did you try: service clam stop service clam start Instead of: restart? (it is not the same)
Does boot count? ;)
Yes this was from a clean boot. And I just powered up the system again today and it repeated the permissions problem.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
On hold until monday. It was decided we (family) would pack up and go to Chicago for the weekend. Will work on this when I get back. Thanks for the pointer.
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlEBkB4ACgkQrlYvE4MpobPzzwCeLiolKq7hzthQKuWaLtLHmQIO zVYAoOnEBvhNGxlPjIoptc7S5ueP2ev4 =YNrJ -----END PGP SIGNATURE----- _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav state):
---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.446:25): arch=40000003 syscall=5 success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=40000003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.490:26): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { write } for pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=40000003 syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.528:27): avc: denied { write } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" dev=dm-0 ino=2753728 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file type=AVC msg=audit(1359389906.528:27): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:28): arch=40000003 syscall=15 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:28): avc: denied { setattr } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:29): arch=40000003 syscall=40 success=no exit=-39 a0=92e64f8 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:29): avc: denied { rmdir } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.529:29): avc: denied { remove_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:30): arch=40000003 syscall=10 success=yes exit=0 a0=92f1910 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:30): avc: denied { unlink } for pid=3045 comm="clamscan" name="clamav-fcdca25df759de4e1da6dab82a8439a5" dev=dm-0 ino=2753729 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
Hope this helps!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav state):
---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.446:25): arch=40000003 syscall=5 success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=40000003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.490:26): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { write } for pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=40000003 syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.528:27): avc: denied { write } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" dev=dm-0 ino=2753728 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file type=AVC msg=audit(1359389906.528:27): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:28): arch=40000003 syscall=15 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:28): avc: denied { setattr } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:29): arch=40000003 syscall=40 success=no exit=-39 a0=92e64f8 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:29): avc: denied { rmdir } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.529:29): avc: denied { remove_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:30): arch=40000003 syscall=10 success=yes exit=0 a0=92f1910 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:30): avc: denied { unlink } for pid=3045 comm="clamscan" name="clamav-fcdca25df759de4e1da6dab82a8439a5" dev=dm-0 ino=2753729 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
Hope this helps!
Try policy on people.redhat.com/dwalsh/SELinux/RHEL6
On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
I am trying to follow:
http://wiki.centos.org/HowTos/Amavisd
Which seems to really be written for Centos 5, with just some selinux references for Centos 6. There are real problems here for Centos 6 with the userids section.
It gives the following command and result:
cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
But my Centos 6.3 has:
clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
Note the difference in userid clam instead of clamav. So this causes problems with the group recommendation:
In addition, the clamav user should automatically have been added to the amavis group:
# groups clamav clamav : clamav amavis
If not, you can manually add clamav to the amavis group:
gpasswd -a clamav amavis
so I did:
gpasswd -a clam amavis
So far, it seems just changing what userid is now used by clamav...
But in testing for spam I see the following in /var/log/maillog
Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: lstat() failed: Permission denied. ERROR\n"
I checked this directory tree and all along the tree the permissions are to amavis:amavis
So where is my permission problem?
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav state):
---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.446:25): arch=40000003 syscall=5 success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=40000003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.490:26): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { write } for pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=40000003 syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.528:27): avc: denied { write } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" dev=dm-0 ino=2753728 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file type=AVC msg=audit(1359389906.528:27): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:28): arch=40000003 syscall=15 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:28): avc: denied { setattr } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:29): arch=40000003 syscall=40 success=no exit=-39 a0=92e64f8 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:29): avc: denied { rmdir } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.529:29): avc: denied { remove_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:30): arch=40000003 syscall=10 success=yes exit=0 a0=92f1910 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:30): avc: denied { unlink } for pid=3045 comm="clamscan" name="clamav-fcdca25df759de4e1da6dab82a8439a5" dev=dm-0 ino=2753729 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
Hope this helps!
Try policy on people.redhat.com/dwalsh/SELinux/RHEL6
This is a little too cryptic for me. I went to this url and since my system is i386 architecture, I went to the i686 directory. There I find a number of RPMs and a number that start with policy. I assume I can add this to my yum.repo over whatever I normally get for Centos, but what do I install or update?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2013 02:39 PM, Robert Moskowitz wrote:
On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote:
usermod -a -G amavis clam
How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
service clamd restart
be happy
On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com wrote:
> I am trying to follow: > > http://wiki.centos.org/HowTos/Amavisd > > Which seems to really be written for Centos 5, with just some > selinux references for Centos 6. There are real problems here > for Centos 6 with the userids section. > > It gives the following command and result: > > cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam > Anti Virus Checker:/var/clamav:/sbin/nologin > amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh > > But my Centos 6.3 has: > > clam:x:494:490:Clam Anti Virus > Checker:/var/lib/clamav:/sbin/nologin > amavis:x:493:489::/var/spool/amavisd:/sbin/nologin > > Note the difference in userid clam instead of clamav. So this > causes problems with the group recommendation: > > In addition, the clamav user should automatically have been > added to the amavis group: > > # groups clamav clamav : clamav amavis > > If not, you can manually add clamav to the amavis group: > > gpasswd -a clamav amavis > > > so I did: > > gpasswd -a clam amavis > > > So far, it seems just changing what userid is now used by > clamav... > > But in testing for spam I see the following in > /var/log/maillog > > Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av > (ClamAV-clamd) FAILED - unexpected , > output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: > >
lstat() failed: Permission denied. ERROR\n"
> > I checked this directory tree and all along the tree the > permissions are to amavis:amavis > > So where is my permission problem? > > > _______________________________________________ CentOS mailing > list CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav state):
---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.446:25): arch=40000003 syscall=5 success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=40000003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.490:26): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { write } for pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=40000003 syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.528:27): avc: denied { write } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" dev=dm-0 ino=2753728 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file type=AVC msg=audit(1359389906.528:27): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:28): arch=40000003 syscall=15 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:28): avc: denied { setattr } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:29): arch=40000003 syscall=40 success=no exit=-39 a0=92e64f8 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:29): avc: denied { rmdir } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.529:29): avc: denied { remove_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:30): arch=40000003 syscall=10 success=yes exit=0 a0=92f1910 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:30): avc: denied { unlink } for pid=3045 comm="clamscan" name="clamav-fcdca25df759de4e1da6dab82a8439a5" dev=dm-0 ino=2753729 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
Hope this helps!
Try policy on people.redhat.com/dwalsh/SELinux/RHEL6
This is a little too cryptic for me. I went to this url and since my system is i386 architecture, I went to the i686 directory. There I find a number of RPMs and a number that start with policy. I assume I can add this to my yum.repo over whatever I normally get for Centos, but what do I install or update?
You want the selinux-policy packes from the noarch directory.
On 01/28/2013 02:46 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2013 02:39 PM, Robert Moskowitz wrote:
On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
Thank you for your suggestion, but it did not fix the permissions problem.
On 01/24/2013 10:13 AM, Rob wrote: > usermod -a -G amavis clam How is this different from:
gpasswd -a clam amavis
And I am still getting the permissions error.
> service clamd restart > > be happy > > On 24.01.2013, at 04:16, Robert Moskowitz rgm@htt-consult.com > wrote: > >> I am trying to follow: >> >> http://wiki.centos.org/HowTos/Amavisd >> >> Which seems to really be written for Centos 5, with just some >> selinux references for Centos 6. There are real problems here >> for Centos 6 with the userids section. >> >> It gives the following command and result: >> >> cat /etc/passwd | grep "amavis|clamav" clamav:x:101:102:Clam >> Anti Virus Checker:/var/clamav:/sbin/nologin >> amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh >> >> But my Centos 6.3 has: >> >> clam:x:494:490:Clam Anti Virus >> Checker:/var/lib/clamav:/sbin/nologin >> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin >> >> Note the difference in userid clam instead of clamav. So this >> causes problems with the group recommendation: >> >> In addition, the clamav user should automatically have been >> added to the amavis group: >> >> # groups clamav clamav : clamav amavis >> >> If not, you can manually add clamav to the amavis group: >> >> gpasswd -a clamav amavis >> >> >> so I did: >> >> gpasswd -a clam amavis >> >> >> So far, it seems just changing what userid is now used by >> clamav... >> >> But in testing for spam I see the following in >> /var/log/maillog >> >> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av >> (ClamAV-clamd) FAILED - unexpected , >> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts: >> >>
lstat() failed: Permission denied. ERROR\n"
>> I checked this directory tree and all along the tree the >> permissions are to amavis:amavis >> >> So where is my permission problem? >> >> >> _______________________________________________ CentOS mailing >> list CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing > list CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Can you attach the AVC messages from audit log.
ausearch -m avc -ts recent
Back home and booted up test system (thus no questions about clamav state):
---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.446:25): arch=40000003 syscall=5 success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.446:25): avc: denied { read } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.490:26): arch=40000003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.490:26): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { add_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.490:26): avc: denied { write } for pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.528:27): arch=40000003 syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.528:27): avc: denied { write } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" dev=dm-0 ino=2753728 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file type=AVC msg=audit(1359389906.528:27): avc: denied { create } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:28): arch=40000003 syscall=15 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:28): avc: denied { setattr } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:29): arch=40000003 syscall=40 success=no exit=-39 a0=92e64f8 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:29): avc: denied { rmdir } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir type=AVC msg=audit(1359389906.529:29): avc: denied { remove_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir ---- time->Mon Jan 28 11:18:26 2013 type=SYSCALL msg=audit(1359389906.529:30): arch=40000003 syscall=10 success=yes exit=0 a0=92f1910 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1359389906.529:30): avc: denied { unlink } for pid=3045 comm="clamscan" name="clamav-fcdca25df759de4e1da6dab82a8439a5" dev=dm-0 ino=2753729 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
Hope this helps!
Try policy on people.redhat.com/dwalsh/SELinux/RHEL6
This is a little too cryptic for me. I went to this url and since my system is i386 architecture, I went to the i686 directory. There I find a number of RPMs and a number that start with policy. I assume I can add this to my yum.repo over whatever I normally get for Centos, but what do I install or update?
You want the selinux-policy packes from the noarch directory.
I downloaded all for the directory and did a 'yum localupdate' adn policy and policy-targetted got updated.
I then rebooted to make sure I had everything in sync and the sample-spam-GTUBE-junk.txt test and here is what I see in maillog:
Jan 28 15:15:41 test1 postfix/pickup[1915]: CBC83280AB7: uid=0 from=<root> Jan 28 15:15:41 test1 postfix/cleanup[2776]: CBC83280AB7: message-id=GTUBE1.1010101@example.net Jan 28 15:15:42 test1 postfix/qmgr[1916]: CBC83280AB7: from=root@test1.test.htt-consult.com, size=947, nrcpt=1 (queue active) Jan 28 15:15:42 test1 amavis[2064]: (02064-01) LMTP::10024 /var/spool/amavisd/tmp/amavis-20130128T151542-02064: root@test1.test.htt-consult.com -> faxit@test.htt-consult.com SIZE=947 Received: from test1.test.htt-consult.com ([127.0.0.1]) by localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for faxit@test.htt-consult.com; Mon, 28 Jan 2013 15:15:42 -0500 (EST) Jan 28 15:15:42 test1 amavis[2064]: (02064-01) Checking: vsblEndjgbUB root@test1.test.htt-consult.com -> faxit@test.htt-consult.com Jan 28 15:15:42 test1 amavis[2064]: (02064-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130128T151542-02064/parts: lstat() failed: Permission denied. ERROR\n" Jan 28 15:15:42 test1 amavis[2064]: (02064-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x9f1f038) unexpected , output="/var/spool/amavisd/tmp/amavis-20130128T151542-02064/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594. Jan 28 15:15:42 test1 amavis[2064]: (02064-01) (!!)WARN: all primary virus scanners failed, considering backups
And then:
[root@test1 ~]# ausearch -m avc -ts recent <no matches>
So no SELinux stuff, but still no permissions. ??
-
Daniel J Walsh -
Rob -
Robert Moskowitz