> > > With SELinux in permissive mode clamd started without problem.
> > > In the graphical configuration tool of SELinux I found SELinux Service Protection; there I only had to check clamd.
> > > Clamd is now also running in enforced mode (SELinux).
> >
> >
> > Can you post the output of:
> >
> > # getsebool -a | grep clam
> >
> > I suspect all you've done is turn off SELinux protection of clamd (by
> > setting the clamd_disable_trans boolean). If that's the case, there is a
> > better way but it'll need more work.
> # getsebool -a | grep clam
> clamd_disable_trans --> on
> clamscan_disable_trans --> off
> freshclam_disable_trans --> off
>
> As you can see I am afraid that is the case.
To fix it "properly" you'd need to put SELinux in permissive mode, turn
off the clamd_disable_trans boolean and then find the "avc: denied"
messages mentioning clamd in your log files when you start and use the
service. By looking at those messages, we can figure out what's wrong
and hopefully fix it.
I started clamd with SELinux in permissive mode and with
clamd_disable_trans boolean turned off. In /var/log/messages there is
this error:
...
Jun 12 23:45:21 cello clamd[3053]: Daemon started.
Jun 12 23:45:21 cello clamd[3053]: clamd daemon 0.88.2 (OS: linux-gnu,
ARCH: i386, CPU: i386)
Jun 12 23:45:21 cello clamd[3053]: Log file size limit disabled.
Jun 12 23:45:21 cello clamd[3053]: Reading databases from /var/lib/clamav
Jun 12 23:45:22 cello clamd[3053]: Protecting against 59059 viruses.
Jun 12 23:45:22 cello clamd[3054]: bind() error: Address already in use
In /var/log/audit/audit.log there are several "avc: denied" messages:
...
type=AVC msg=audit(1150148721.544:181): avc: denied { read write }
for pid=3053 comm="clamd" name="1" dev=devpts ino=3
scontext=user_u:system_r:clamd_t:s0 tcontext=user_u:object_r:devpts_t:s0
tclass=chr_file
type=SYSCALL msg=audit(1150148721.544:181): arch=40000003 syscall=11
success=yes exit=0 a0=a063550 a1=a066c98 a2=a06aaa0 a3=a062d50 items=2
pid=3053 auid=500 uid=46 gid=46 euid=46 suid=46 fsuid=46 egid=46 sgid=46
fsgid=46 comm="clamd" exe="/usr/sbin/clamd"
type=AVC_PATH msg=audit(1150148721.544:181): path="/dev/pts/1"
type=CWD msg=audit(1150148721.544:181): cwd="/tmp"
type=PATH msg=audit(1150148721.544:181): item=0 name="/usr/sbin/clamd"
flags=101 inode=1115221 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1150148721.544:181): item=1 flags=101 inode=3424499
dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1150148721.548:182): avc: denied { search } for
pid=3053 comm="clamd" scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1150148721.548:182): avc: denied { read } for
pid=3053 comm="clamd" scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=file
type=SYSCALL msg=audit(1150148721.548:182): arch=40000003 syscall=149
success=yes exit=0 a0=bfd15ea0 a1=4f32aff4 a2=4f4a1e00 a3=bfd15e98
items=0 pid=3053 auid=500 uid=46 gid=46 euid=46 suid=46 fsuid=46 egid=46
sgid=46 fsgid=46 comm="clamd" exe="/usr/sbin/clamd"
type=AVC msg=audit(1150148721.548:183): avc: denied { append } for
pid=3053 comm="clamd" name="clamd.log" dev=dm-0 ino=65542
scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1150148721.548:183): arch=40000003 syscall=5
success=yes exit=3 a0=8b40190 a1=441 a2=1b6 a3=8b405a8 items=1 pid=3053
auid=500 uid=46 gid=46 euid=46 suid=46 fsuid=46 egid=46 sgid=46 fsgid=46
comm="clamd" exe="/usr/sbin/clamd"
type=CWD msg=audit(1150148721.548:183): cwd="/tmp"
type=PATH msg=audit(1150148721.548:183): item=0
name="/var/log/clamav/clamd.log" flags=310 inode=65664 dev=fd:00
mode=040755 ouid=46 ogid=46 rdev=00:00
type=AVC msg=audit(1150148721.548:184): avc: denied { getattr } for
pid=3053 comm="clamd" name="clamd.log" dev=dm-0 ino=65542
scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1150148721.548:184): arch=40000003 syscall=197
success=yes exit=0 a0=3 a1=bfd159f4 a2=4f32aff4 a3=3 items=0 pid=3053
auid=500 uid=46 gid=46 euid=46 suid=46 fsuid=46 egid=46 sgid=46 fsgid=46
comm="clamd" exe="/usr/sbin/clamd"
type=AVC_PATH msg=audit(1150148721.548:184):
path="/var/log/clamav/clamd.log"
type=AVC msg=audit(1150148721.548:185): avc: denied { write } for
pid=3053 comm="clamd" name="log" dev=tmpfs ino=6732
scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:devlog_t:s0 tclass=sock_file
type=AVC msg=audit(1150148721.548:185): avc: denied { sendto } for
pid=3053 comm="clamd" name="log" scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket
type=SYSCALL msg=audit(1150148721.548:185): arch=40000003 syscall=102
success=yes exit=0 a0=3 a1=bfd15fc0 a2=4f32aff4 a3=15 items=1 pid=3053
auid=500 uid=46 gid=46 euid=46 suid=46 fsuid=46 egid=46 sgid=46 fsgid=46
comm="clamd" exe="/usr/sbin/clamd"
type=AVC_PATH msg=audit(1150148721.548:185): path="/dev/log"
type=SOCKADDR msg=audit(1150148721.548:185):
saddr=01002F6465762F6C6F6700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
type=SOCKETCALL msg=audit(1150148721.548:185): nargs=3 a0=4 a1=4f32cbe0
a2=6e
type=PATH msg=audit(1150148721.548:185): item=0 flags=1 inode=6732
dev=00:0f mode=0140666 ouid=0 ogid=0 rdev=00:00
type=CRED_DISP msg=audit(1150148722.536:186): user pid=3036 uid=0
auid=500 msg='PAM: setcred acct=clamav : exe="/sbin/runuser"
(hostname=?, addr=?, terminal=pts/1 res=success)'
type=USER_END msg=audit(1150148722.536:187): user pid=3036 uid=0
auid=500 msg='PAM: session close acct=clamav : exe="/sbin/runuser"
(hostname=?, addr=?, terminal=pts/1 res=success)'
Peter
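
Added example, not part of the original thread: a small Python parser that rejoins the mail-wrapped audit records above and groups the clamd "avc: denied" entries by source type, target type and object class, similar to the summary audit2allow produces. The function names and the SAMPLE constant are illustrative assumptions. The sample records are taken from the log excerpt in the message above.

```python
import re
from collections import defaultdict

# Constructed sample: records taken from the audit.log excerpt in the message
# above, still wrapped the way the mail wrapped them.
SAMPLE = """\
type=AVC msg=audit(1150148721.548:182): avc: denied { search } for
pid=3053 comm="clamd" scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1150148721.548:183): avc: denied { append } for
pid=3053 comm="clamd" name="clamd.log" dev=dm-0 ino=65542
scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1150148721.548:184): avc: denied { getattr } for
pid=3053 comm="clamd" name="clamd.log" dev=dm-0 ino=65542
scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC_PATH msg=audit(1150148721.548:184):
path="/var/log/clamav/clamd.log"
type=AVC msg=audit(1150148721.548:185): avc: denied { sendto } for
pid=3053 comm="clamd" name="log" scontext=user_u:system_r:clamd_t:s0
tcontext=system_u:system_r:syslogd_t:s0 tclass=unix_dgram_socket
"""

AVC_RE = re.compile(r'type=AVC\s.*?avc:\s+denied\s+\{([^}]*)\}'
                    r'.*?scontext=(\S+).*?tcontext=(\S+).*?tclass=(\S+)')

def unwrap(text):
    """A record starts with 'type='; any other line continues the previous one."""
    return [" ".join(r.split()) for r in re.split(r"\n(?=type=)", text.strip())]

def summarize(text, comm="clamd"):
    """Group denied permissions by (source type, target type, object class)."""
    denied = defaultdict(set)
    for rec in unwrap(text):
        m = AVC_RE.match(rec)
        if not m or f'comm="{comm}"' not in rec:
            continue  # skips SYSCALL, PATH, AVC_PATH and other processes
        perms, scon, tcon, tclass = m.groups()
        # A context is user:role:type[:level]; the type is the third field.
        denied[(scon.split(":")[2], tcon.split(":")[2], tclass)].update(perms.split())
    return dict(denied)

def as_rules(denied):
    """Render the groups in policy 'allow' syntax so each one can be reviewed."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(denied.items())]

print("\n".join(as_rules(summarize(SAMPLE))))
```

Each generated line is a candidate for review, not a rule to load as-is. A denial against a generic type such as var_log_t often indicates a file labeling problem rather than a missing allow rule.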