On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote: > Summary: > > SELinux is preventing clamd (clamd_t) "read" to ./daily.cld (var_t). > > Detailed Description: > > [SELinux is in permissive mode, the operation would have been denied > but was > permitted due to permissive mode.] > > SELinux denied access requested by clamd. It is not expected that > this > access is > required by clamd and this access may signal an intrusion attempt. It > is > also > possible that the specific version or configuration of the application > is > causing it to require additional access. > > Allowing Access: > > Sometimes labeling problems can cause SELinux denials. You could try > to > restore > the default system file context for ./daily.cld, > > restorecon -v './daily.cld' > > If this does not work, there is currently no automatic way to allow > this > access. > Instead, you can generate a local policy module to allow this access > - > see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context system_u:system_r:clamd_t:s0 > Target Context system_u:object_r:var_t:s0 > Target Objects ./daily.cld [ file ] > Source clamd > Source Path /usr/sbin/clamd > Port <Unknown> > Host <Unknown> > Source RPM Packages clamd-0.93.3-1.el5.rf > Target RPM Packages > Policy RPM selinux-policy-2.4.6-137.1.el5 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Permissive > Plugin Name catchall_file > Host Name mail.alltechmedicalsystemsamerica.com > Platform Linux > mail.alltechmedicalsystemsamerica.com > 2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 > 13:49:24 EDT > 2008 i686 athlon > Alert Count 2 > First Seen Fri Jul 25 14:44:44 2008 > Last Seen Fri Jul 25 15:38:04 2008 > Local ID c0eb4a2f-6b73-4632-8f93-ca7dc67bb0f2 > Line Numbers 11, 12, 102, 103 > > Raw Audit Messages > > type=AVC msg=audit(1217014684.863:88): avc: denied { read } for > pid=2027 comm="clamd" name="daily.cld" dev=md0 ino=980633 > scontext=system_u:system_r:clamd_t:s0 > tcontext=system_u:object_r:var_t:s0 tclass=file > > type=SYSCALL msg=audit(1217014684.863:88): arch=40000003 syscall=33 > success=yes exit=0 a0=b156a88 a1=4 a2=3e1e20 a3=b156a88 items=0 > ppid=1 > pid=2027 auid=4294967295 uid=101 gid=203 euid=101 suid=101 fsuid=101 > egid=203 sgid=203 fsgid=203 tty=(none) ses=4294967295 comm="clamd" > exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null) ---- you definitely want to run... restorecon -v './var/clamav/daily.cld' or something like... chcon -t system_u:system_r:clamd_t:s0 /var/clamav/daily.cld Craig