fedora-selinux August 2010 archive
fedora-selinux: Re: Clamd - again...

From: Arthur Dent <misc.lists_at_nospam>
Date: Wed Aug 25 2010 - 21:07:47 GMT
To: selinux@lists.fedoraproject.org

On Wed, 2010-08-25 at 22:47 +0200, Dominick Grift wrote:
> On 08/25/2010 10:42 PM, Arthur Dent wrote:
>
> >
> > These are avcs I have collected today. I have made no attempt to remove
> > duplicates and some of them probably relate to when I was playing with
> > the clamdwatch problem...
>
> > type=AVC msg=audit(1282693685.536:49993): avc: denied { read } for
> > pid=8053 comm="clamd" path="/tmp/clamassassinmsg.ELpNsCwoK2" dev=sda6
> > ino=86012 scontext=unconfined_u:system_r:clamd_t:s0
> > tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
> > ----
>
> I thought we allowed this already?
>
> add that to myclamd.te, then rebuild, reinstall
>
> all the other denials can be ignored. (hidden)
>
> procmail_rw_tmp_files(clamd_t)

procmail_rw_tmp_files(clamd_t) is not in myclamd.te but
procmail_rw_tmp_files(clamscan_t) is.

Should I alter, add, or replace it?

I.e. should I have both or just the clamd_t one?

While I have been writing this I have had a tail -f running on the
clamd.log file. At 21:50 I got this message in the clamd.log:

Wed Aug 25 21:51:11 2010 -> WARNING: Control message truncated, no control data received, 1 bytes read(Is SELinux/AppArmor enabled, and blocking file descriptor passing?)
Wed Aug 25 21:51:11 2010 -> WARNING: Error condition on fd 9

These are the AVCs at the corresponding time:

----
time->Wed Aug 25 21:51:10 2010
type=SYSCALL msg=audit(1282769470.861:53248): arch=40000003 syscall=11 success=yes exit=0 a0=15559d0 a1=bf9c9f7c a2=303840 a3=41904 items=0 ppid=25769 pid=25770 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="procmail" exe="/usr/bin/procmail" subj=system_u:system_r:procmail_t:s0 key=(null)
type=AVC msg=audit(1282769470.861:53248): avc: denied { noatsecure } for pid=25770 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282769470.861:53248): avc: denied { siginh } for pid=25770 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
type=AVC msg=audit(1282769470.861:53248): avc: denied { rlimitinh } for pid=25770 comm="procmail" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:system_r:procmail_t:s0 tclass=process
----
time->Wed Aug 25 21:51:10 2010
type=SYSCALL msg=audit(1282769470.982:53249): arch=40000003 syscall=11 success=yes exit=0 a0=8b3c660 a1=8b3c538 a2=8b385b8 a3=8b3c538 items=0 ppid=25772 pid=25776 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
type=AVC msg=audit(1282769470.982:53249): avc: denied { noatsecure } for pid=25776 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282769470.982:53249): avc: denied { siginh } for pid=25776 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282769470.982:53249): avc: denied { rlimitinh } for pid=25776 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 21:51:11 2010
type=SYSCALL msg=audit(1282769471.032:53250): arch=40000003 syscall=11 success=yes exit=0 a0=8b3bb40 a1=8b3bae8 a2=8b385b8 a3=8b3bae8 items=0 ppid=25772 pid=25780 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="clamdscan" exe="/usr/local/bin/clamdscan" subj=system_u:system_r:clamscan_t:s0 key=(null)
type=AVC msg=audit(1282769471.032:53250): avc: denied { noatsecure } for pid=25780 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282769471.032:53250): avc: denied { siginh } for pid=25780 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process
type=AVC msg=audit(1282769471.032:53250): avc: denied { rlimitinh } for pid=25780 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process
----
time->Wed Aug 25 21:51:11 2010
type=SYSCALL msg=audit(1282769471.036:53251): arch=40000003 syscall=102 success=yes exit=1 a0=11 a1=bf9e5ab0 a2=bf9e6158 a3=0 items=0 ppid=1 pid=8053 auid=0 uid=503 gid=503 euid=503 suid=503 fsuid=503 egid=503 sgid=503 fsgid=503 tty=(none) ses=1619 comm="clamd" exe="/usr/local/sbin/clamd" subj=unconfined_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1282769471.036:53251): avc: denied { read } for pid=8053 comm="clamd" path="/tmp/clamassassinmsg.Vl92TPjc8V" dev=sda6 ino=86064 scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file
----
time->Wed Aug 25 21:51:11 2010
type=SYSCALL msg=audit(1282769471.055:53252): arch=40000003 syscall=11 success=yes exit=0 a0=866bdd0 a1=866d4f0 a2=866d670 a3=866d4f0 items=0 ppid=25783 pid=25784 auid=4294967295 uid=0 gid=12 euid=0 suid=0 fsuid=0 egid=12 sgid=12 fsgid=12 tty=(none) ses=4294967295 comm="spamc" exe="/usr/bin/spamc" subj=system_u:system_r:spamc_t:s0 key=(null)
type=AVC msg=audit(1282769471.055:53252): avc: denied { noatsecure } for pid=25784 comm="spamc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:spamc_t:s0 tclass=process
type=AVC msg=audit(1282769471.055:53252): avc: denied { siginh } for pid=25784 comm="spamc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:spamc_t:s0 tclass=process
type=AVC msg=audit(1282769471.055:53252): avc: denied { rlimitinh } for pid=25784 comm="spamc" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:spamc_t:s0 tclass=process
----
time->Wed Aug 25 21:51:11 2010
type=SYSCALL msg=audit(1282769471.092:53253): arch=40000003 syscall=5 success=no exit=-13 a0=f75a29 a1=80000 a2=1b6 a3=f759c5 items=0 ppid=17891 pid=17892 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1959 comm="spamd" exe="/usr/bin/perl" subj=unconfined_u:system_r:spamd_t:s0 key=(null)
type=AVC msg=audit(1282769471.092:53253): avc: denied { read } for pid=17892 comm="spamd" name="shadow" dev=sda6 ino=85497 scontext=unconfined_u:system_r:spamd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
----

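Added example, not part of the original message or of any SELinux tool: a small triage script that collapses AVC records like the ones above into distinct (source type, target type, class, permission) denials, keeping the exec-time noatsecure/siginh/rlimitinh denials apart from the ones that need a policy decision. The sample records are constructed from those in the message with some fields dropped; treating the three process permissions as low-priority noise is an assumption of this example.

```python
import re
from collections import Counter

# Matches one AVC denial; the non-greedy gap also copes with records that an
# archive has run together on a single line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*([^}]+?)\s*\}\s+for\s+.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

# Process-class permissions checked when a domain transition happens on exec.
# Assumption of this example: list them separately as low-priority noise.
TRANSITION_PERMS = {"noatsecure", "siginh", "rlimitinh"}

# Constructed sample modelled on the records in the message (fields dropped).
SAMPLE = (
    'type=AVC msg=audit(1282769470.982:53249): avc: denied { noatsecure } for pid=25776 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process '
    'type=AVC msg=audit(1282769470.982:53249): avc: denied { siginh } for pid=25776 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process '
    'type=AVC msg=audit(1282769470.982:53249): avc: denied { rlimitinh } for pid=25776 comm="clamdscan" scontext=system_u:system_r:procmail_t:s0 tcontext=system_u:system_r:clamscan_t:s0 tclass=process\n'
    'type=AVC msg=audit(1282693685.536:49993): avc: denied { read } for pid=8053 comm="clamd" scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file\n'
    'type=AVC msg=audit(1282769471.036:53251): avc: denied { read } for pid=8053 comm="clamd" scontext=unconfined_u:system_r:clamd_t:s0 tcontext=system_u:object_r:procmail_tmp_t:s0 tclass=file\n'
    'type=AVC msg=audit(1282769471.092:53253): avc: denied { read } for pid=17892 comm="spamd" scontext=unconfined_u:system_r:spamd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file\n'
)


def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def summarize(log_text):
    """Count distinct denials, returned as (review, transition_noise)."""
    review, noise = Counter(), Counter()
    for perms, scon, tcon, tclass in AVC_RE.findall(log_text):
        for perm in perms.split():  # a record may list several permissions
            key = (selinux_type(scon), selinux_type(tcon), tclass, perm)
            is_noise = tclass == "process" and perm in TRANSITION_PERMS
            (noise if is_noise else review)[key] += 1
    return review, noise


if __name__ == "__main__":
    review, noise = summarize(SAMPLE)
    for (src, tgt, cls, perm), count in sorted(review.items()):
        print(f"REVIEW {src} -> {tgt}:{cls} {{ {perm} }} x{count}")
    print(f"{sum(noise.values())} exec-transition denials listed separately")
```

On the sample this leaves two denials to decide on: clamd_t reading procmail_tmp_t files, which is the access discussed in the quoted reply, and spamd_t reading shadow_t, which should be examined on its own before any rule is written for it.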