[CentOS] permission problems with avamis and Centos 6.3

Mon Jan 28 20:26:18 UTC 2013
Robert Moskowitz <rgm at htt-consult.com>

On 01/28/2013 02:46 PM, Daniel J Walsh wrote:
>
> On 01/28/2013 02:39 PM, Robert Moskowitz wrote:
>> On 01/28/2013 01:15 PM, Daniel J Walsh wrote:
>>>
>>> On 01/28/2013 11:29 AM, Robert Moskowitz wrote:
>>>> On 01/24/2013 02:48 PM, Daniel J Walsh wrote:
>>>>>
>>>>> On 01/24/2013 01:15 PM, Robert Moskowitz wrote:
>>>>>> Thank you for your suggestion, but it did not fix the permissions
>>>>>> problem.
>>>>>>
>>>>>> On 01/24/2013 10:13 AM, Rob wrote:
>>>>>>> usermod -a -G amavis clam
>>>>>> How is this different from:
>>>>>>
>>>>>> gpasswd -a clam amavis
>>>>>>
>>>>>> And I am still getting the permissions error.
>>>>>>
>>>>>>> service clamd restart
>>>>>>>
>>>>>>> be happy
>>>>>>>
>>>>>>> On 24.01.2013, at 04:16, Robert Moskowitz <rgm at htt-consult.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> I am trying to follow:
>>>>>>>>
>>>>>>>> http://wiki.centos.org/HowTos/Amavisd
>>>>>>>>
>>>>>>>> Which seems to really be written for Centos 5, with just some
>>>>>>>> selinux references for Centos 6.  There are real problems here
>>>>>>>> for Centos 6 with the userids section.
>>>>>>>>
>>>>>>>> It gives the following command and result:
>>>>>>>>
>>>>>>>> cat /etc/passwd | grep "amavis\|clamav"
>>>>>>>> clamav:x:101:102:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
>>>>>>>> amavis:x:102:103:Amavis email scan user:/var/amavis:/bin/sh
>>>>>>>>
>>>>>>>> But my Centos 6.3 has:
>>>>>>>>
>>>>>>>> clam:x:494:490:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
>>>>>>>> amavis:x:493:489::/var/spool/amavisd:/sbin/nologin
>>>>>>>>
>>>>>>>> Note the difference in userid clam instead of clamav.  So this
>>>>>>>> causes problems with the group recommendation:
>>>>>>>>
>>>>>>>> In addition, the clamav user should automatically have been
>>>>>>>> added to the amavis group:
>>>>>>>>
>>>>>>>> # groups clamav
>>>>>>>> clamav : clamav amavis
>>>>>>>>
>>>>>>>> If not, you can manually add clamav to the amavis group:
>>>>>>>>
>>>>>>>> gpasswd -a clamav amavis
>>>>>>>>
>>>>>>>>
>>>>>>>> so I did:
>>>>>>>>
>>>>>>>> gpasswd -a clam amavis
>>>>>>>>
>>>>>>>>
>>>>>>>> So far, it seems just changing what userid is now used by
>>>>>>>> clamav...
>>>>>>>>
>>>>>>>> But in testing for spam I see the following in
>>>>>>>> /var/log/maillog
>>>>>>>>
>>>>>>>> Jan 23 15:56:17 test1 amavis[25669]: (25669-01) (!)run_av
>>>>>>>> (ClamAV-clamd) FAILED - unexpected ,
>>>>>>>> output="/var/spool/amavisd/tmp/amavis-20130123T155617-25669/parts:
>>>>>>>> lstat() failed: Permission denied. ERROR\n"
>>>>>>>>
>>>>>>>> I checked this directory tree and all along the tree the
>>>>>>>> permissions are to amavis:amavis
>>>>>>>>
>>>>>>>> So where is my permission problem?
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________ CentOS mailing
>>>>>>>> list CentOS at centos.org
>>>>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>>
>>>>> Can you attach the AVC messages from the audit log?
>>>>>
>>>>> ausearch -m avc -ts recent
>>>> Back home and booted up test system (thus no questions about clamav
>>>> state):
>>>>
>>>> ----
>>>> time->Mon Jan 28 11:18:26 2013
>>>> type=SYSCALL msg=audit(1359389906.446:25): arch=40000003 syscall=5 success=yes exit=3 a0=92de9d8 a1=98800 a2=92de9d8 a3=92ba620 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>>>> type=AVC msg=audit(1359389906.446:25): avc:  denied  { read } for pid=3045 comm="clamscan" name="parts" dev=dm-0 ino=2624185 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> ----
>>>> time->Mon Jan 28 11:18:26 2013
>>>> type=SYSCALL msg=audit(1359389906.490:26): arch=40000003 syscall=39 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>>>> type=AVC msg=audit(1359389906.490:26): avc:  denied  { create } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> type=AVC msg=audit(1359389906.490:26): avc:  denied  { add_name } for  pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> type=AVC msg=audit(1359389906.490:26): avc:  denied  { write } for pid=3045 comm="clamscan" name="tmp" dev=dm-0 ino=2624119 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> ----
>>>> time->Mon Jan 28 11:18:26 2013
>>>> type=SYSCALL msg=audit(1359389906.528:27): arch=40000003 syscall=5 success=yes exit=5 a0=92f1810 a1=2c2 a2=1c0 a3=bfdb5d2c items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>>>> type=AVC msg=audit(1359389906.528:27): avc:  denied  { write } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" dev=dm-0 ino=2753728 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
>>>> type=AVC msg=audit(1359389906.528:27): avc:  denied  { create } for pid=3045 comm="clamscan" name="clamav-308541af5e7a69c500ba0757a9644b91" scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
>>>> ----
>>>> time->Mon Jan 28 11:18:26 2013
>>>> type=SYSCALL msg=audit(1359389906.529:28): arch=40000003 syscall=15 success=yes exit=0 a0=92e64f8 a1=1c0 a2=a36cd8 a3=92e64f8 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>>>> type=AVC msg=audit(1359389906.529:28): avc:  denied  { setattr } for  pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> ----
>>>> time->Mon Jan 28 11:18:26 2013
>>>> type=SYSCALL msg=audit(1359389906.529:29): arch=40000003 syscall=40 success=no exit=-39 a0=92e64f8 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>>>> type=AVC msg=audit(1359389906.529:29): avc:  denied  { rmdir } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> type=AVC msg=audit(1359389906.529:29): avc:  denied  { remove_name } for pid=3045 comm="clamscan" name="clamav-add5fee27e737080ac3907505396eca9" dev=dm-0 ino=2753586 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=dir
>>>> ----
>>>> time->Mon Jan 28 11:18:26 2013
>>>> type=SYSCALL msg=audit(1359389906.529:30): arch=40000003 syscall=10 success=yes exit=0 a0=92f1910 a1=5106a4d2 a2=a36cd8 a3=92fee08 items=0 ppid=2211 pid=3045 auid=4294967295 uid=493 gid=489 euid=493 suid=493 fsuid=493 egid=489 sgid=489 fsgid=489 tty=(none) ses=4294967295 comm="clamscan" exe="/usr/bin/clamscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
>>>> type=AVC msg=audit(1359389906.529:30): avc:  denied  { unlink } for pid=3045 comm="clamscan" name="clamav-fcdca25df759de4e1da6dab82a8439a5" dev=dm-0 ino=2753729 scontext=system_u:system_r:clamscan_t:s0 tcontext=system_u:object_r:amavis_spool_t:s0 tclass=file
>>>>
>>>> Hope this helps!
>>>>
>>>>
>>> Try policy on people.redhat.com/dwalsh/SELinux/RHEL6
>> This is a little too cryptic for me.  I went to this url and since my
>> system is i386 architecture, I went to the i686 directory.  There I find a
>> number of RPMs and a number that start with policy.  I assume I can add
>> this to my yum.repo over whatever I normally get for Centos, but what do I
>> install or update?
>>
>>
>
> You want the selinux-policy packages from the noarch directory.

I downloaded all from the directory and did a 'yum localupdate' and 
policy and policy-targeted got updated.

I then rebooted to make sure I had everything in sync, ran the 
sample-spam-GTUBE-junk.txt test, and here is what I see in maillog:

Jan 28 15:15:41 test1 postfix/pickup[1915]: CBC83280AB7: uid=0 from=<root>
Jan 28 15:15:41 test1 postfix/cleanup[2776]: CBC83280AB7: message-id=<GTUBE1.1010101 at example.net>
Jan 28 15:15:42 test1 postfix/qmgr[1916]: CBC83280AB7: from=<root at test1.test.htt-consult.com>, size=947, nrcpt=1 (queue active)
Jan 28 15:15:42 test1 amavis[2064]: (02064-01) LMTP::10024 /var/spool/amavisd/tmp/amavis-20130128T151542-02064: <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com> SIZE=947 Received: from test1.test.htt-consult.com ([127.0.0.1]) by localhost (test1.test.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP for <faxit at test.htt-consult.com>; Mon, 28 Jan 2013 15:15:42 -0500 (EST)
Jan 28 15:15:42 test1 amavis[2064]: (02064-01) Checking: vsblEndjgbUB <root at test1.test.htt-consult.com> -> <faxit at test.htt-consult.com>
Jan 28 15:15:42 test1 amavis[2064]: (02064-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/spool/amavisd/tmp/amavis-20130128T151542-02064/parts: lstat() failed: Permission denied. ERROR\n"
Jan 28 15:15:42 test1 amavis[2064]: (02064-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x9f1f038) unexpected , output="/var/spool/amavisd/tmp/amavis-20130128T151542-02064/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 594.
Jan 28 15:15:42 test1 amavis[2064]: (02064-01) (!!)WARN: all primary virus scanners failed, considering backups


And then:

[root at test1 ~]# ausearch -m avc -ts recent
<no matches>

So no SELinux stuff, but still no permissions.  ??
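As an added example (not code from the thread or from the CentOS wiki), the script below walks every component of the spool path as the scanner user and prints the plain DAC verdict beside the SELinux context, so a mode or group-membership problem is not mistaken for an AVC denial; the user name clam and the path /var/spool/amavisd/tmp are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): tell a plain DAC failure (mode/owner/
# group) apart from an SELinux denial when a scanner user cannot reach the
# amavis spool. User "clam" and the path are assumptions from the thread.
# Needs GNU stat; paths containing spaces are not handled.
#   sh spoolcheck.sh clam /var/spool/amavisd/tmp

# dac_allows MODE OWNER GROUP USER "GROUPS..." NEED
# NEED is a bit mask (4=read, 2=write, 1=search); succeeds when USER, who is
# a member of the listed groups, holds every bit in NEED on the object.
dac_allows() {
    local mode="$1" owner="$2" group="$3" user="$4" groups="$5" need="$6" bits
    [ "$user" = root ] && return 0             # root bypasses DAC, not SELinux
    while [ ${#mode} -lt 3 ]; do mode="0$mode"; done
    mode=${mode#"${mode%???}"}                 # drop suid/sgid/sticky digit
    if [ "$user" = "$owner" ]; then
        bits=${mode%??}                        # owner triplet
    else
        case " $groups " in
            *" $group "*) bits=${mode#?}; bits=${bits%?} ;;   # group triplet
            *)            bits=${mode#??} ;;                  # other triplet
        esac
    fi
    [ $(( bits & need )) -eq "$need" ]
}

# walk_path USER PATH: one line per component with verdict, mode, owner:group,
# SELinux context. Parent dirs need search (1); the target needs read+search (5)
# so the scanner can list it. Returns 1 if any component denies USER.
walk_path() {
    local user="$1" target="$2" groups dir list p need verdict rc=0
    groups=$(id -nG "$user") || return 2
    echo "groups of $user: $groups"
    dir=$target; list=""
    while [ -n "$dir" ] && [ "$dir" != / ]; do
        list="$dir $list"; dir=$(dirname "$dir")
    done
    for p in / $list; do
        set -- $(stat -c '%a %U %G %C' "$p" 2>/dev/null)
        [ $# -ge 3 ] || { echo "cannot stat $p"; return 2; }
        if [ "$p" = "$target" ]; then need=5; else need=1; fi
        if dac_allows "$1" "$2" "$3" "$user" "$groups" "$need"; then
            verdict=ok
        else
            verdict=DENIED; rc=1
        fi
        printf '%-7s %-5s %-15s %-40s %s\n' "$verdict" "$1" "$2:$3" "${4:-?}" "$p"
    done
    return $rc
}
if [ $# -eq 2 ]; then walk_path "$1" "$2"; fi
```

Run it as root on the affected host. If every component reports ok and `ausearch -m avc` stays empty, remember that dontaudit rules can hide denials; `semodule -DB` rebuilds the policy with them disabled and `semodule -B` restores it.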