fedora-selinux August 2010 archive

Re: Clamd - again...

From: Arthur Dent <misc.lists_at_nospam>
Date: Mon Aug 23 2010 - 08:09:08 GMT
To: selinux@lists.fedoraproject.org

On Sun, 2010-08-22 at 22:44 +0100, Arthur Dent wrote:
> On Sun, 2010-08-22 at 23:07 +0200, Dominick Grift wrote:
> > On 08/22/2010 08:24 PM, Arthur Dent wrote:
>
> snip...
>
> > My first guess is that you have mislabeled files. Try to relabel your
> > file system and then try again from scratch, then if you get any AVC
> > denials please send them here.
>
> OK - Fair point. In fact, now you come to mention it, I have done a lot
> of copying from my F11 setup and a lot of other configuration and
> haven't done a relabel since about half way through my implementation.
>
> Yesterday I updated with yum and it delivered:
> selinux-policy-3.7.19-47.fc13.noarch
> selinux-policy-targeted-3.7.19-47.fc13.noarch
>
> So now might be a good time for a relabel...
>
> I will report back (probably tomorrow).

Well this is interesting...

Since unloading my custom clamd module and relabelling I have had NO
avcs! - Not one.

Clamd is still being blocked however, so I have now activated the
semodule -DB thing...

No AVCs have been produced (in the sense that no setroubleshoot emails
have been produced), but here is the output of
ausearch -m avc -ts recent :

time->Mon Aug 23 08:57:02 2010
type=SYSCALL msg=audit(1282550222.014:42728): arch=40000003 syscall=11 success=yes exit=0 a0=9297fe0 a1=9297c90 a2=9297008 a3=929a1e8 items=0 ppid=23900 pid=23901 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1282550222.014:42728): avc: denied { noatsecure } for pid=23901 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1282550222.014:42728): avc: denied { siginh } for pid=23901 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1282550222.014:42728): avc: denied { rlimitinh } for pid=23901 comm="setroubleshootd" scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
----
time->Mon Aug 23 08:57:02 2010
type=SYSCALL msg=audit(1282550222.302:42730): arch=40000003 syscall=33 success=no exit=-13 a0=87ffc90 a1=2 a2=6fb4f8 a3=86b4088 items=0 ppid=23900 pid=23901 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1282550222.302:42730): avc: denied { write } for pid=23901 comm="setroubleshootd" name="rpm" dev=sda6 ino=203 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
----
time->Mon Aug 23 08:57:02 2010
type=SYSCALL msg=audit(1282550222.304:42731): arch=40000003 syscall=33 success=no exit=-13 a0=87ffc90 a1=2 a2=6fb4f8 a3=87f9398 items=0 ppid=23900 pid=23901 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1282550222.304:42731): avc: denied { write } for pid=23901 comm="setroubleshootd" name="rpm" dev=sda6 ino=203 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
----
time->Mon Aug 23 08:57:07 2010
type=SYSCALL msg=audit(1282550227.040:42733): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfe490a0 a2=3 a3=0 items=0 ppid=23912 pid=23916 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1282550227.040:42733): avc: denied { search } for pid=23916 comm="clamdscan" name="clamd" dev=sda6 ino=269280 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_run_t:s0 tclass=dir
----
time->Mon Aug 23 08:57:07 2010
type=SYSCALL msg=audit(1282550227.058:42734): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf800420 a2=3 a3=1 items=0 ppid=23912 pid=23920 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1282550227.058:42734): avc: denied { search } for pid=23920 comm="clamdscan" name="clamd" dev=sda6 ino=269280 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_run_t:s0 tclass=dir
----
time->Mon Aug 23 08:57:07 2010
type=SYSCALL msg=audit(1282550227.096:42735): arch=40000003 syscall=11 success=yes exit=0 a0=8e92dd0 a1=8e95760 a2=8e95888 a3=8e95760 items=0 ppid=23925 pid=23926 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="spamc" exe="/usr/bin/spamc" subj=system_u:system_r:spamc_t:s0 key=(null)
type=AVC msg=audit(1282550227.096:42735): avc: denied { noatsecure } for pid=23926 comm="spamc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:spamc_t:s0 tclass=process
type=AVC msg=audit(1282550227.096:42735): avc: denied { siginh } for pid=23926 comm="spamc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:spamc_t:s0 tclass=process
type=AVC msg=audit(1282550227.096:42735): avc: denied { rlimitinh } for pid=23926 comm="spamc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:spamc_t:s0 tclass=process
----
time->Mon Aug 23 08:57:06 2010
type=SYSCALL msg=audit(1282550226.692:42732): arch=40000003 syscall=11 success=yes exit=0 a0=15559d0 a1=bf9c9f7c a2=303840 a3=41904 items=0 ppid=23909 pid=23910 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1282550226.692:42732): avc: denied { noatsecure } for pid=23910 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282550226.692:42732): avc: denied { siginh } for pid=23910 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282550226.692:42732): avc: denied { rlimitinh } for pid=23910 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
----
time->Mon Aug 23 08:57:07 2010
type=SYSCALL msg=audit(1282550227.209:42736): arch=40000003 syscall=5 success=no exit=-13 a0=606a29 a1=80000 a2=1b6 a3=6069c5 items=0 ppid=20953 pid=20954 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=772 comm="spamd" exe="/usr/bin/perl" subj=unconfined_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1282550227.209:42736): avc: denied { read } for pid=20954 comm="spamd" name="shadow" dev=sda6 ino=85497 scontext=unconfined_u:system_r:spamd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file

Audit2allow produced some funny stuff when I tried to run this through it so I think it is best if you take a look at it!

Thanks again.

Mark

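An added example, not part of the original message or of any SELinux tool: a small Python triage of AVC records like those quoted above, separating the exec-time inheritance checks (noatsecure, siginh, rlimitinh) that become visible once dontaudit rules are disabled with semodule -DB from the remaining denials. The function names and the TRANSITION_NOISE set are assumptions of this example; SAMPLE holds four AVC lines copied from the log in the message.

```python
import re
from collections import Counter

# Permissions checked on a domain transition at exec; policy normally hides
# these with dontaudit rules, so they only show up after `semodule -DB`.
TRANSITION_NOISE = {"noatsecure", "siginh", "rlimitinh"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"comm=\"(?P<comm>[^\"]*)\".*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_avcs(text):
    """Yield (comm, source type, target type, class, perm) per denied permission."""
    for m in AVC_RE.finditer(text):
        for perm in m.group("perms").split():
            yield (m.group("comm"), type_of(m.group("scon")),
                   type_of(m.group("tcon")), m.group("tclass"), perm)

def triage(text):
    """Split denials into transition noise and the rest, counting duplicates."""
    noise, actionable = Counter(), Counter()
    for rec in parse_avcs(text):
        (noise if rec[4] in TRANSITION_NOISE else actionable)[rec] += 1
    return noise, actionable

# Four AVC lines copied from the log quoted in the message above.
SAMPLE = """\
type=AVC msg=audit(1282550226.692:42732): avc: denied { noatsecure } for pid=23910 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282550227.040:42733): avc: denied { search } for pid=23916 comm="clamdscan" name="clamd" dev=sda6 ino=269280 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1282550227.058:42734): avc: denied { search } for pid=23920 comm="clamdscan" name="clamd" dev=sda6 ino=269280 scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:object_r:clamd_var_run_t:s0 tclass=dir
type=AVC msg=audit(1282550227.209:42736): avc: denied { read } for pid=20954 comm="spamd" name="shadow" dev=sda6 ino=85497 scontext=unconfined_u:system_r:spamd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

if __name__ == "__main__":
    noise, actionable = triage(SAMPLE)
    for (comm, src, tgt, cls, perm), n in actionable.most_common():
        print(f"{n}x {comm}: {src} -> {tgt}:{cls} {{ {perm} }}")
    print(f"{sum(noise.values())} transition-inheritance denial(s) set aside")
```

The regular expression does not rely on line breaks, so it also parses ausearch output that an archive has run together onto one line.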