Error Message:
type=AVC msg=audit(1230255690.397:8175): avc: denied { search } for pid=30789 comm="clamd" name="kernel" dev=proc ino=4026531880 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1230255690.397:8175): arch=c000003e syscall=2 success=no exit=-13 a0=305eb1d6f2 a1=0 a2=ffffffffffffffb0 a3=0 items=0 ppid=30788 pid=30789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=4294967295 comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1230255690.397:8176): avc: denied { append } for pid=30789 comm="clamd" name="clamd.log" dev=dm-2 ino=98360 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1230255690.397:8176): arch=c000003e syscall=2 success=no exit=-13 a0=9fb5090 a1=441 a2=1b6 a3=441 items=0 ppid=30788 pid=30789 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=pts2 ses=4294967295 comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1230255690.408:8177): avc: denied { search } for pid=30793 comm="freshclam" name="lib" dev=dm-0 ino=64899 scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1230255690.408:8177): arch=c000003e syscall=80 success=no exit=-13 a0=19677f20 a1=40e95e a2=0 a3=2b16873fee70 items=0 ppid=30792 pid=30793 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=pts2 ses=4294967295 comm="freshclam" exe="/usr/bin/freshclam" subj=system_u:system_r:freshclam_t:s0 key=(null)
Finally, after I dug more into how to manage SELinux policy at
http://wiki.centos.org/HowTos/SELinux#head-430e52f7f8a7b41ad5fc42a2f95d3e495d13d348
I found that these solutions worked for me.
Solve clamd.log permission
# grep clamd_t /var/log/audit/audit.log | audit2allow -M clamd
# semodule -i clamd.pp
Solve freshclam module problem
# grep freshclam /var/log/audit/audit.log | audit2allow -M freshclam
# semodule -i freshclam.pp
The commands above allow clamd to write to clamd.log and allow the search permission for freshclam.
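Before loading a module built this way, it helps to see which allow rules the denials translate into. The following is an added example, not part of the original post and not audit2allow itself: it parses the AVC records quoted above and prints one rule per source type, target type and class. The function names and the GENERIC_TYPES list are assumptions made for illustration.

```python
import re
from collections import defaultdict

# AVC records copied from the post; the SYSCALL record is a shortened, constructed sample.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1230255690.397:8175): avc: denied { search } for pid=30789 comm="clamd" name="kernel" dev=proc ino=4026531880 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1230255690.397:8175): arch=c000003e syscall=2 success=no exit=-13 comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1230255690.397:8176): avc: denied { append } for pid=30789 comm="clamd" name="clamd.log" dev=dm-2 ino=98360 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1230255690.408:8177): avc: denied { search } for pid=30793 comm="freshclam" name="lib" dev=dm-0 ino=64899 scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
'''

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Assumption for this example: labels shared by many unrelated files, so a rule
# that names them as target reaches far beyond the one object in the denial.
GENERIC_TYPES = {"var_log_t", "var_lib_t"}

def collect_rules(log_text, grep_pattern):
    """Group denied permissions by (source type, target type, class).

    grep_pattern is a plain substring filter, like the grep in the post."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if grep_pattern not in line or not m:
            continue  # SYSCALL records carry no access decision
        src = m["scon"].split(":")[2]  # context is user:role:type[:level]
        tgt = m["tcon"].split(":")[2]
        rules[(src, tgt, m["tclass"])].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Return allow-rule lines, with a review comment on generic target types."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        note = f"  # covers every {cls} labelled {tgt}" if tgt in GENERIC_TYPES else ""
        lines.append(f"allow {src} {tgt}:{cls} {perm_text};{note}")
    return lines

if __name__ == "__main__":
    for pattern in ("clamd_t", "freshclam"):
        print(f"# grep {pattern}")
        print("\n".join(render(collect_rules(SAMPLE_AUDIT_LOG, pattern))))
```

audit2allow -M also writes clamd.te and freshclam.te next to the .pp files; those hold the rules actually compiled into each module and are the files to read before running semodule -i.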