On Wed, 2006-06-14 at 21:19 +0200, Peter Lesterhuis wrote:
> OK, I could load the module now.
> The output of # semodule -l is:
> # semodule -l
> amavis 1.0.4
> clamav 1.0.1
> myclamd 0.1.0
> myfreshclam 0.1.0
> pyzor 1.0.1
>
> I ran the "restorecon"-command (first line only?)
> After this I could start clamd also in enforced mode.

Good.

> But in /var/log/audit/audit.log there still are some "avc= denied" messages.
>
> # cat audit.log

(snip non-AVC audit messages)

> type=AVC msg=audit(1150311069.037:9): avc: denied { search } for
> pid=2352 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0
> tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:9): arch=40000003 syscall=149
> success=no exit=-1 a0=bf8bb3c0 a1=4f32aff4 a2=4f4a1e00 a3=bf8bb3b8
> items=0 pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"

Reading kernel sysctl (not sure what for)

> type=AVC msg=audit(1150311069.037:10): avc: denied { search } for
> pid=2352 comm="freshclam" name="/" dev=proc ino=1
> scontext=system_u:system_r:freshclam_t:s0
> tcontext=system_u:object_r:proc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:10): arch=40000003 syscall=5
> success=no exit=-13 a0=4f49e020 a1=0 a2=bf8bb420 a3=b7f9f6bc items=1
> pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:10): cwd="/"
> type=PATH msg=audit(1150311069.037:10): item=0
> name="/proc/sys/kernel/version" flags=101

Trying to read /proc/sys/kernel/version

> type=AVC msg=audit(1150311069.037:11): avc: denied { read } for
> pid=2352 comm="freshclam" name="freshclam.conf" dev=dm-0 ino=2736205
> scontext=system_u:system_r:freshclam_t:s0
> tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
> type=SYSCALL msg=audit(1150311069.037:11): arch=40000003 syscall=5
> success=no exit=-13 a0=804f7a1 a1=0 a2=1b6 a3=9796090 items=1 pid=2352
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:11): cwd="/"
> type=PATH msg=audit(1150311069.037:11): item=0
> name="/etc/freshclam.conf" flags=101 inode=2736205 dev=fd:00
> mode=0100640 ouid=0 ogid=0 rdev=00:00

This looks like a labelling issue. Can you post the output of:

# ls -lZ /etc/freshclam.conf
# restorecon -v /etc/freshclam.conf

Which packages are you using for clamav? I see nothing in the Extras
version that might result in this.

> type=AVC msg=audit(1150311069.037:12): avc: denied { search } for
> pid=2352 comm="freshclam" name="/" dev=proc ino=1
> scontext=system_u:system_r:freshclam_t:s0
> tcontext=system_u:object_r:proc_t:s0 tclass=dir
> type=SYSCALL msg=audit(1150311069.037:12): arch=40000003 syscall=5
> success=no exit=-13 a0=4f315039 a1=0 a2=4f32aff4 a3=9796608 items=1
> pid=2352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 comm="freshclam" exe="/usr/bin/freshclam"
> type=CWD msg=audit(1150311069.037:12): cwd="/"
> type=PATH msg=audit(1150311069.037:12): item=0
> name="/proc/sys/kernel/ngroups_max" flags=101

Trying to read /proc/sys/kernel/ngroups_max

All the remaining audit messages are not SELinux-related.

Can you let me know if freshclam works OK in enforcing mode after doing
the "restorecon" above please (also look for any more AVC messages).

Paul.
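
Added example, not part of the original message: the reply above matches each AVC denial to the PATH record of the same audit event by hand, and this Python code does the same pairing and flags a `*_tmp_t` target type on a file outside /tmp, as seen on /etc/freshclam.conf. The function names and the flagging heuristic are assumptions of this example; the sample records are taken from the quoted log and unwrapped to one record per line.

```python
import re

# Constructed input: AVC and PATH records from the quoted log above, unwrapped
# to one record per line (SYSCALL and CWD records left out).
SAMPLE = '''\
type=AVC msg=audit(1150311069.037:9): avc: denied { search } for pid=2352 comm="freshclam" scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1150311069.037:10): avc: denied { search } for pid=2352 comm="freshclam" name="/" dev=proc ino=1 scontext=system_u:system_r:freshclam_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=dir
type=PATH msg=audit(1150311069.037:10): item=0 name="/proc/sys/kernel/version" flags=101
type=AVC msg=audit(1150311069.037:11): avc: denied { read } for pid=2352 comm="freshclam" name="freshclam.conf" dev=dm-0 ino=2736205 scontext=system_u:system_r:freshclam_t:s0 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
type=PATH msg=audit(1150311069.037:11): item=0 name="/etc/freshclam.conf" flags=101 inode=2736205 dev=fd:00 mode=0100640 ouid=0 ogid=0 rdev=00:00
'''

RECORD = re.compile(r'^type=(\w+) msg=audit\([\d.]+:(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'\{([^}]*)\}')

def is_suspect(ttype, path):
    # Assumption of this example: a *_tmp_t type on a file outside /tmp or
    # /var/tmp suggests the file was created or moved with the wrong label.
    return (bool(path) and ttype.endswith("_tmp_t")
            and not path.startswith(("/tmp/", "/var/tmp/")))

def denials(log_text):
    """Pair each AVC denial with the PATH record of the same audit event."""
    avcs, paths = [], {}
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC" and "denied" in body:
            avcs.append((serial, fields, PERMS.search(body).group(1).split()))
        elif rtype == "PATH" and "name" in fields:
            paths.setdefault(serial, fields["name"])  # first PATH item wins
    out = []
    for serial, f, perms in avcs:
        ttype, path = f["tcontext"].split(":")[2], paths.get(serial)
        out.append({"event": serial, "comm": f.get("comm"), "perms": perms,
                    "source_type": f["scontext"].split(":")[2],
                    "target_type": ttype, "tclass": f["tclass"], "path": path,
                    "suspect_label": is_suspect(ttype, path)})
    return out

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d)
```

A flagged entry is a candidate for `restorecon -v` on the reported path rather than for a new allow rule.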