[CentOS] selinux & httpd & portmap

Mon Jul 28 15:14:02 UTC 2008
Craig White <craigwhite at azapple.com>

On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote:
> Summary:
> 
> SELinux is preventing clamd (clamd_t) "read" to ./daily.cld (var_t).
> 
> Detailed Description:
> 
> [SELinux is in permissive mode, the operation would have been denied
> but was
> permitted due to permissive mode.]
> 
> SELinux denied access requested by clamd. It is not expected that
> this 
> access is
> required by clamd and this access may signal an intrusion attempt. It
> is 
> also
> possible that the specific version or configuration of the application
> is
> causing it to require additional access.
> 
> Allowing Access:
> 
> Sometimes labeling problems can cause SELinux denials. You could try
> to 
> restore
> the default system file context for ./daily.cld,
> 
> restorecon -v './daily.cld'
> 
> If this does not work, there is currently no automatic way to allow
> this 
> access.
> Instead, you can generate a local policy module to allow this access
> - 
> see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can 
> disable
> SELinux protection altogether. Disabling SELinux protection is not 
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                system_u:system_r:clamd_t:s0
> Target Context                system_u:object_r:var_t:s0
> Target Objects                ./daily.cld [ file ]
> Source                        clamd
> Source Path                   /usr/sbin/clamd
> Port                          <Unknown>
> Host                          <Unknown>
> Source RPM Packages           clamd-0.93.3-1.el5.rf
> Target RPM Packages
> Policy RPM                    selinux-policy-2.4.6-137.1.el5
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   catchall_file
> Host Name                     mail.alltechmedicalsystemsamerica.com
> Platform                      Linux
> mail.alltechmedicalsystemsamerica.com
>                                2.6.18-92.1.6.el5 #1 SMP Wed Jun 25 
> 13:49:24 EDT
>                                2008 i686 athlon
> Alert Count                   2
> First Seen                    Fri Jul 25 14:44:44 2008
> Last Seen                     Fri Jul 25 15:38:04 2008
> Local ID                      c0eb4a2f-6b73-4632-8f93-ca7dc67bb0f2
> Line Numbers                  11, 12, 102, 103
> 
> Raw Audit Messages
> 
> type=AVC msg=audit(1217014684.863:88): avc:  denied  { read } for 
> pid=2027 comm="clamd" name="daily.cld" dev=md0 ino=980633 
> scontext=system_u:system_r:clamd_t:s0 
> tcontext=system_u:object_r:var_t:s0 tclass=file
> 
> type=SYSCALL msg=audit(1217014684.863:88): arch=40000003 syscall=33 
> success=yes exit=0 a0=b156a88 a1=4 a2=3e1e20 a3=b156a88 items=0
> ppid=1 
> pid=2027 auid=4294967295 uid=101 gid=203 euid=101 suid=101 fsuid=101 
> egid=203 sgid=203 fsgid=203 tty=(none) ses=4294967295 comm="clamd" 
> exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
----
you definitely want to run...

restorecon -v './var/clamav/daily.cld'
or something like...
chcon -t system_u:system_r:clamd_t:s0 /var/clamav/daily.cld

Craig