fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: Clamd - again...

Re: Clamd - again...

From: Arthur Dent <misc.lists_at_nospam>
Date: Wed Aug 25 2010 - 20:42:15 GMT
To: selinux@lists.fedoraproject.org

On Wed, 2010-08-25 at 20:18 +0200, Dominick Grift wrote:

> >
> > I'm afraid we're still not quite there yet...
> >
> > This is from /var/log/clamd.log:
> > Wed Aug 25 18:27:05 2010 -> WARNING: Control message truncated, no control data received, 1 bytes read(Is SELinux/AppArmor enabled, and blocking file descriptor passing?)
> > Wed Aug 25 18:27:05 2010 -> WARNING: Error condition on fd 9
> >
> > I have no idea what fd 9 is.
>
> Probably a file descriptor we missed. run semodule -DB to unload hidden
> denials, try to reproduce it and send the AVC denials you are getting so
> that we can review them and fix it.

These are avcs I have collected today. I have made no attempt to remove
duplicates and some of them probably relate to when I was playing with
the clamdwatch problem...

---- time->Wed Aug 25 00:48:05 2010 type=SYSCALL msg=audit(1282693685.486:49991): arch=40000003 syscall=11 success=yes exit=0 a0=81af660 a1=81af538 a2=81ab5b8 a3=81af538 items=0 ppid=13003 pid=13007 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282693685.486:49991): avc: denied { noatsecure } for pid=13007 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282693685.486:49991): avc: denied { siginh } for pid=13007 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282693685.486:49991): avc: denied { rlimitinh } for pid=13007 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 00:48:05 2010 type=SYSCALL msg=audit(1282693685.532:49992): arch=40000003 syscall=11 success=yes exit=0 a0=81aeb40 a1=81aeae8 a2=81ab5b8 a3=81aeae8 items=0 ppid=13003 pid=13011 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282693685.532:49992): avc: denied { noatsecure } for pid=13011 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282693685.532:49992): avc: denied { siginh } for pid=13011 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282693685.532:49992): avc: denied { rlimitinh } for pid=13011 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 00:48:05 2010 type=SYSCALL msg=audit(1282693685.536:49993): arch=40000003 syscall=102 success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282693685.536:49993): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.ELpNsCwoK2" dev=sda6 ino=86012 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 02:48:05 2010 type=SYSCALL msg=audit(1282700885.042:50296): arch=40000003 syscall=11 success=yes exit=0 a0=9f12660 a1=9f12538 a2=9f0e5b8 a3=9f12538 items=0 ppid=17983 pid=17987 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282700885.042:50296): avc: denied { noatsecure } for pid=17987 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282700885.042:50296): avc: denied { siginh } for pid=17987 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282700885.042:50296): avc: denied { rlimitinh } for pid=17987 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 02:48:05 2010 type=SYSCALL msg=audit(1282700885.104:50297): arch=40000003 syscall=11 success=yes exit=0 a0=9f11b40 a1=9f11ae8 a2=9f0e5b8 a3=9f11ae8 items=0 ppid=17983 pid=17991 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282700885.104:50297): avc: denied { noatsecure } for pid=17991 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282700885.104:50297): avc: denied { siginh } for pid=17991 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282700885.104:50297): avc: denied { rlimitinh } for pid=17991 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 02:48:05 2010 type=SYSCALL msg=audit(1282700885.108:50298): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282700885.108:50298): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.MO3uL9qugu" dev=sda6 ino=86012 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 03:27:05 2010 type=SYSCALL msg=audit(1282703225.792:50393): arch=40000003 syscall=11 success=yes exit=0 a0=901d660 a1=901d538 a2=90195b8 a3=901d538 items=0 ppid=18347 pid=18351 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282703225.792:50393): avc: denied { noatsecure } for pid=18351 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282703225.792:50393): avc: denied { siginh } for pid=18351 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282703225.792:50393): avc: denied { rlimitinh } for pid=18351 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 03:27:05 2010 type=SYSCALL msg=audit(1282703225.806:50394): arch=40000003 syscall=11 success=yes exit=0 a0=901cb40 a1=901cae8 a2=90195b8 a3=901cae8 items=0 ppid=18347 pid=18355 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282703225.806:50394): avc: denied { noatsecure } for pid=18355 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282703225.806:50394): avc: denied { siginh } for pid=18355 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282703225.806:50394): avc: denied { rlimitinh } for pid=18355 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 03:27:05 2010 type=SYSCALL msg=audit(1282703225.810:50395): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282703225.810:50395): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.Miai1XEtS5" dev=sda6 ino=86012 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 07:06:07 2010 type=SYSCALL msg=audit(1282716367.056:50913): arch=40000003 syscall=11 success=yes exit=0 a0=95a6660 a1=95a6538 a2=95a25b8 a3=95a6538 items=0 ppid=20093 pid=20097 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282716367.056:50913): avc: denied { noatsecure } for pid=20097 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282716367.056:50913): avc: denied { siginh } for pid=20097 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282716367.056:50913): avc: denied { rlimitinh } for pid=20097 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 07:06:07 2010 type=SYSCALL msg=audit(1282716367.101:50914): arch=40000003 syscall=11 success=yes exit=0 a0=95a5b40 a1=95a5ae8 a2=95a25b8 a3=95a5ae8 items=0 ppid=20093 pid=20101 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282716367.101:50914): avc: denied { noatsecure } for pid=20101 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282716367.101:50914): avc: denied { siginh } for pid=20101 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282716367.101:50914): avc: denied { rlimitinh } for pid=20101 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 07:06:07 2010 type=SYSCALL msg=audit(1282716367.105:50915): arch=40000003 syscall=102 success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282716367.105:50915): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.5atFlfQtzg" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 08:33:05 2010 type=SYSCALL msg=audit(1282721585.327:51099): arch=40000003 syscall=11 success=yes exit=0 a0=85fe660 a1=85fe538 a2=85fa5b8 a3=85fe538 items=0 ppid=20452 pid=20456 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282721585.327:51099): avc: denied { noatsecure } for pid=20456 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282721585.327:51099): avc: denied { siginh } for pid=20456 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282721585.327:51099): avc: denied { rlimitinh } for pid=20456 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 08:33:05 2010 type=SYSCALL msg=audit(1282721585.342:51100): arch=40000003 syscall=11 success=yes exit=0 a0=85fdb40 a1=85fdae8 a2=85fa5b8 a3=85fdae8 items=0 ppid=20452 pid=20460 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282721585.342:51100): avc: denied { noatsecure } for pid=20460 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282721585.342:51100): avc: denied { siginh } for pid=20460 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282721585.342:51100): avc: denied { rlimitinh } for pid=20460 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 08:33:05 2010 type=SYSCALL msg=audit(1282721585.346:51101): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282721585.346:51101): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.INJ23gPAOG" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 09:18:05 2010 type=SYSCALL msg=audit(1282724285.612:51207): arch=40000003 syscall=11 success=yes exit=0 a0=8ac8660 a1=8ac8538 a2=8ac45b8 a3=8ac8538 items=0 ppid=20860 pid=20864 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282724285.612:51207): avc: denied { noatsecure } for pid=20864 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282724285.612:51207): avc: denied { siginh } for pid=20864 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282724285.612:51207): avc: denied { rlimitinh } for pid=20864 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 09:18:05 2010 type=SYSCALL msg=audit(1282724285.626:51208): arch=40000003 syscall=11 success=yes exit=0 a0=8ac7b40 a1=8ac7ae8 a2=8ac45b8 a3=8ac7ae8 items=0 ppid=20860 pid=20868 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282724285.626:51208): avc: denied { noatsecure } for pid=20868 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282724285.626:51208): avc: denied { siginh } for pid=20868 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282724285.626:51208): avc: denied { rlimitinh } for pid=20868 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 09:18:05 2010 type=SYSCALL msg=audit(1282724285.630:51209): arch=40000003 syscall=102 success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282724285.630:51209): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.5o03RffeYk" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 10:06:06 2010 type=SYSCALL msg=audit(1282727166.230:51315): arch=40000003 syscall=11 success=yes exit=0 a0=9a56660 a1=9a56538 a2=9a525b8 a3=9a56538 items=0 ppid=21073 pid=21077 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282727166.230:51315): avc: denied { noatsecure } for pid=21077 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282727166.230:51315): avc: denied { siginh } for pid=21077 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282727166.230:51315): avc: denied { rlimitinh } for pid=21077 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 10:06:06 2010 type=SYSCALL msg=audit(1282727166.245:51316): arch=40000003 syscall=11 success=yes exit=0 a0=9a55b40 a1=9a55ae8 a2=9a525b8 a3=9a55ae8 items=0 ppid=21073 pid=21081 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282727166.245:51316): avc: denied { noatsecure } for pid=21081 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282727166.245:51316): avc: denied { siginh } for pid=21081 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282727166.245:51316): avc: denied { rlimitinh } for pid=21081 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 10:06:06 2010 type=SYSCALL msg=audit(1282727166.248:51317): arch=40000003 syscall=102 success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282727166.248:51317): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.UEdCagKAf8" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 15:06:05 2010 type=SYSCALL msg=audit(1282745165.938:52108): arch=40000003 syscall=11 success=yes exit=0 a0=9b2f660 a1=9b2f538 a2=9b2b5b8 a3=9b2f538 items=0 ppid=22700 pid=22704 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282745165.938:52108): avc: denied { noatsecure } for pid=22704 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282745165.938:52108): avc: denied { siginh } for pid=22704 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282745165.938:52108): avc: denied { rlimitinh } for pid=22704 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 15:06:06 2010 type=SYSCALL msg=audit(1282745166.008:52109): arch=40000003 syscall=11 success=yes exit=0 a0=9b2eb40 a1=9b2eae8 a2=9b2b5b8 a3=9b2eae8 items=0 ppid=22700 pid=22708 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282745166.008:52109): avc: denied { noatsecure } for pid=22708 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282745166.008:52109): avc: denied { siginh } for pid=22708 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282745166.008:52109): avc: denied { rlimitinh } for pid=22708 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 15:06:06 2010 type=SYSCALL msg=audit(1282745166.024:52110): arch=40000003 syscall=102 success=yes exit=9 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282745166.024:52110): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.ZM4FXWKrfw" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 17:06:04 2010 type=SYSCALL msg=audit(1282752364.895:52419): arch=40000003 syscall=11 success=yes exit=0 a0=8f1c660 a1=8f1c538 a2=8f185b8 a3=8f1c538 items=0 ppid=23444 pid=23448 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282752364.895:52419): avc: denied { noatsecure } for pid=23448 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282752364.895:52419): avc: denied { siginh } for pid=23448 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282752364.895:52419): avc: denied { rlimitinh } for pid=23448 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 17:06:04 2010 type=SYSCALL msg=audit(1282752364.911:52420): arch=40000003 syscall=11 success=yes exit=0 a0=8f1bb40 a1=8f1bae8 a2=8f185b8 a3=8f1bae8 items=0 ppid=23444 pid=23452 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282752364.911:52420): avc: denied { noatsecure } for pid=23452 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282752364.911:52420): avc: denied { siginh } for pid=23452 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282752364.911:52420): avc: denied { rlimitinh } for pid=23452 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 17:06:04 2010 type=SYSCALL msg=audit(1282752364.914:52421): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282752364.914:52421): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.jp96Rb3i34" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 17:18:10 2010 type=SYSCALL msg=audit(1282753090.532:52453): arch=40000003 syscall=11 success=yes exit=0 a0=9473660 a1=9473538 a2=946f5b8 a3=9473538 items=0 ppid=23506 pid=23510 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282753090.532:52453): avc: denied { noatsecure } for pid=23510 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753090.532:52453): avc: denied { siginh } for pid=23510 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753090.532:52453): avc: denied { rlimitinh } for pid=23510 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 17:18:10 2010 type=SYSCALL msg=audit(1282753090.548:52454): arch=40000003 syscall=11 success=yes exit=0 a0=9472b40 a1=9472ae8 a2=946f5b8 a3=9472ae8 items=0 ppid=23506 pid=23514 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282753090.548:52454): avc: denied { noatsecure } for pid=23514 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753090.548:52454): avc: denied { siginh } for pid=23514 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753090.548:52454): avc: denied { rlimitinh } for pid=23514 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 17:18:10 2010 type=SYSCALL msg=audit(1282753090.551:52455): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282753090.551:52455): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.lABWgGT1Bx" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 17:30:08 2010 type=SYSCALL msg=audit(1282753808.292:52485): arch=40000003 syscall=11 success=yes exit=0 a0=95bd660 a1=95bd538 a2=95b95b8 a3=95bd538 items=0 ppid=23570 pid=23574 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282753808.292:52485): avc: denied { noatsecure } for pid=23574 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753808.292:52485): avc: denied { siginh } for pid=23574 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753808.292:52485): avc: denied { rlimitinh } for pid=23574 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 17:30:08 2010 type=SYSCALL msg=audit(1282753808.306:52486): arch=40000003 syscall=11 success=yes exit=0 a0=95bcb40 a1=95bcae8 a2=95b95b8 a3=95bcae8 items=0 ppid=23570 pid=23578 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282753808.306:52486): avc: denied { noatsecure } for pid=23578 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753808.306:52486): avc: denied { siginh } for pid=23578 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282753808.306:52486): avc: denied { rlimitinh } for pid=23578 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 17:30:08 2010 type=SYSCALL msg=audit(1282753808.310:52487): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282753808.310:52487): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.SEBHp9J9FC" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 18:27:05 2010 type=SYSCALL msg=audit(1282757225.655:52637): arch=40000003 syscall=11 success=yes exit=0 a0=8404660 a1=8404538 a2=84005b8 a3=8404538 items=0 ppid=23986 pid=23990 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282757225.655:52637): avc: denied { noatsecure } for pid=23990 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282757225.655:52637): avc: denied { siginh } for pid=23990 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282757225.655:52637): avc: denied { rlimitinh } for pid=23990 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 18:27:05 2010 type=SYSCALL msg=audit(1282757225.682:52638): arch=40000003 syscall=11 success=yes exit=0 a0=8403b40 a1=8403ae8 a2=84005b8 a3=8403ae8 items=0 ppid=23986 pid=23994 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null) type=AVC msg=audit(1282757225.682:52638): avc: denied { noatsecure } for pid=23994 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282757225.682:52638): avc: denied { siginh } for pid=23994 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process type=AVC msg=audit(1282757225.682:52638): avc: denied { rlimitinh } for pid=23994 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process ---- time->Wed Aug 25 18:27:05 2010 type=SYSCALL msg=audit(1282757225.685:52639): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282757225.685:52639): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.BmRYSmXIWX" dev=sda6 ino=86007 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file ---- time->Wed Aug 25 19:15:48 2010 type=SYSCALL msg=audit(1282760148.767:52789): arch=40000003 syscall=33 success=no exit=-13 a0=a5500488 a1=4 a2=a60ff1fc a3=44 items=0 ppid=1 pid=24208 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282760148.767:52789): avc: denied { read } for pid=24208 comm="clamd" name="clamdwatch-dpJvpbczaviGA9DC" dev=sda6 ino=13129 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file ---- time->Wed Aug 25 19:28:16 2010 type=SYSCALL msg=audit(1282760896.264:52831): arch=40000003 syscall=33 success=no exit=-13 a0=a5500488 a1=4 a2=a60ff1fc a3=44 items=0 ppid=1 pid=24267 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282760896.264:52831): avc: denied { read } for pid=24267 comm="clamd" name="clamdwatch-b_nESSgoTkX3Y8ga" dev=sda6 ino=13129 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file ---- time->Wed Aug 25 19:30:43 2010 type=SYSCALL msg=audit(1282761043.976:52838): arch=40000003 syscall=33 success=no exit=-13 a0=a5500488 a1=4 a2=a60ff1fc a3=44 items=0 ppid=1 pid=24280 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1282761043.976:52838): avc: denied { read } for pid=24280 comm="clamd" name="clamdwatch-ymyC2PA1n1gjmt9Z" dev=sda6 ino=13129 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file ----

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux