CLAMAV only runs in permissive mode

Postby fillmoresys on Tue Oct 02, 2007 9:37 am

I've been trying to install spamassassin / clamav etc following the pdf on the website and I have come across two problems.

1) freshclam does not run (fixed via chown vscan /usr/bin/freshclam)
2) The daemon won't run in Enforced mode (it does in permissive mode).

I get the following errors in the message log

Oct 2 15:04:28 endeavour kernel: audit(1191330268.106:37811): avc: denied { write } for pid=6978 comm="clamd" name="clamav" dev=hdc2 ino=16304 scontext=root:system_r:initrc_t tcontext=system_u:object_r:usr_t tclass=dir

Oct 2 15:04:52 endeavour kernel: audit(1191330292.075:37813): avc: denied { create } for pid=6978 comm="clamd" name="clamd" scontext=root:system_r:initrc_t tcontext=root:object_r:tmp_t tclass=sock_file
Oct 2 15:04:32 endeavour kernel: audit(1191330272.054:37812): avc: denied { write } for pid=6978 comm="clamd" name="main.inc" dev=hdc2 ino=16481 scontext=root:system_r:initrc_t tcontext=user_u:object_r:usr_t tclass=dir
Oct 2 15:04:28 endeavour clamd: clamd startup succeeded
Oct 2 15:04:28 endeavour kernel: audit(1191330268.106:37811): avc: denied { write } for pid=6978 comm="clamd" name="clamav" dev=hdc2 ino=16304 scontext=root:system_r:initrc_t tcontext=system_u:object_r:usr_t tclass=dir

Any help to resolve this would be appreciated
fillmoresys
 
Posts: 3
Joined: Tue Oct 02, 2007 9:14 am

RE: CLAMAV only runs in permissive mode

Postby wkeys on Tue Oct 02, 2007 10:53 am

hi

Oct 2 15:04:28 endeavour kernel: audit(1191330268.106:37811): avc: denied { write } for pid=6978 comm="clamd" name="clamav" dev=hdc2 ino=16304 scontext=root:system_r:initrc_t tcontext=system_u:object_r:usr_t tclass=dir

..

These errors are caused by SELinux blocking the operation that clamd is trying to perform. So a solution to this problem is to set SELinux to permissive mode.

# newrole -r sysadm_r
Authenticating root.
Password:
# setenforce 0


Best Regards
~bill
wkeys
 
Posts: 283
Joined: Thu Feb 01, 2007 5:43 pm

Re: RE: CLAMAV only runs in permissive mode

Postby fillmoresys on Tue Oct 02, 2007 11:12 am

I know I can get it to run in permissive mode, hence the title of the thread; I want it to run in secure mode.

David
fillmoresys
 
Posts: 3
Joined: Tue Oct 02, 2007 9:14 am

RE: CLAMAV only runs in permissive mode

Postby wkeys on Wed Oct 03, 2007 2:38 pm

hi
To get clamav working with SELinux enabled you will need to change the SELinux policy for clamav. This involves rebuilding the SELinux source policy and adding rules to allow Clamav to work with SELinux. Have you ever done any policy hacking before? It's interesting stuff and a good skill to learn.

Also feel free to create a bug report at http://bugs.engardelinux.org.

Best Regards
~bill
wkeys
 
Posts: 283
Joined: Thu Feb 01, 2007 5:43 pm
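
As an added example (not part of any post in this thread and not EnGarde's own tooling), this Python script parses AVC denial lines like those in the first post and groups them by source type, target type and class, rendered in type-enforcement rule form so the denials can be reviewed before any policy change. The function names are assumptions; the sample lines are copied from the first post.

```python
import re
from collections import defaultdict

# Kernel log lines copied from the first post in this thread.
SAMPLE_LOG = """\
Oct 2 15:04:28 endeavour kernel: audit(1191330268.106:37811): avc: denied { write } for pid=6978 comm="clamd" name="clamav" dev=hdc2 ino=16304 scontext=root:system_r:initrc_t tcontext=system_u:object_r:usr_t tclass=dir
Oct 2 15:04:52 endeavour kernel: audit(1191330292.075:37813): avc: denied { create } for pid=6978 comm="clamd" name="clamd" scontext=root:system_r:initrc_t tcontext=root:object_r:tmp_t tclass=sock_file
Oct 2 15:04:28 endeavour clamd: clamd startup succeeded
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    try:
        # A context is user:role:type[:range]; type-enforcement rules use the type.
        rec["stype"], rec["ttype"] = (rec[k].split(":")[2] for k in ("scontext", "tcontext"))
        rec["perms"] = m.group("perms").split()
        return rec if "tclass" in rec else None
    except (KeyError, IndexError):
        return None  # malformed or truncated denial line

def summarize(log_text):
    """Group denials by (source type, target type, class) and merge permissions."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["comms"].add(rec.get("comm", "?"))
    return dict(groups)

def as_rules(groups):
    """Render each group in type-enforcement rule form, sorted, for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(groups.items())]

if __name__ == "__main__":
    for rule in as_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

The source type in these denials is initrc_t, the init script domain, so rules in this form would apply to every process running in that domain and not only clamd; treat the output as a review list of what clamd needs, not as policy to load as-is.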

RE: CLAMAV only runs in permissive mode

Postby fillmoresys on Thu Oct 04, 2007 3:55 pm

No, I have never used SELinux before. I was sort of hoping that spamassassin / clamav would already be supported by default or that it was such a common thing that somebody else had already done it and they could explain the process.

Can you point me to somewhere I can find information on how to do it?

Thanks
fillmoresys
 
Posts: 3
Joined: Tue Oct 02, 2007 9:14 am

RE: CLAMAV only runs in permissive mode

Postby wkeys on Fri Oct 05, 2007 10:17 am

hi

The link below talks about how to set up an environment to start hacking on the SELinux policy. Then it moves on to how to start modifying the current policy.

http://www.linuxsecurity.com/content/view/120837/169/

If you are interested in getting a book, I recommend SELinux by Example by Frank Mayer, Karl MacMillan, David Caplan. They do a great job at explaining the ins and outs of SELinux.

If you have any questions about SELinux please feel free to let me know.

~bill
wkeys
 
Posts: 283
Joined: Thu Feb 01, 2007 5:43 pm

