Bug 468777

Summary: clamav won't start at system boot
Product: [Fedora] Fedora EPEL
Reporter: Gordon Messmer <gordon.messmer>
Component: clamav
Assignee: Steven Pritchard <steve>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: el5
CC: dwalsh, mastahnke, redhat-bugzilla, steve, tremble
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: ActualBug
Doc Type: Bug Fix
Last Closed: 2010-09-22 08:13:16 UTC

Description Gordon Messmer 2008-10-27 22:27:29 UTC
Description of problem:
The SELinux configuration distributed with RHEL5 and CentOS5 isn't suitable for use with ClamAV.  In the standard configuration, /var/run/clamd.* will be set to the system_u:object_r:var_run_t:s0 context, and clamd will fail to start on boot.  It will, however, start if it is not run in the "proper" context.

In order to correct the problem, the reference configuration for clamav should be included in the clamav-server package:
http://oss.tresys.com/repos/refpolicy/trunk/policy/modules/services/clamav.fc


Version-Release number of selected component (if applicable):
clamav-server-0.93.3-1.el5

How reproducible:
Always

Steps to Reproduce:
1. # restorecon -Rv /var/run/clamd.*
  
Actual results:
# restorecon -Rv /var/run/clamd.courier/
restorecon reset /var/run/clamd.courier context system_u:object_r:clamd_var_run_t:s0->system_u:object_r:var_run_t:s0


Expected results:
# restorecon -Rv /var/run/clamd.courier/
restorecon reset /var/run/clamd.courier context system_u:object_r:var_run_t:s0->system_u:object_r:clamd_var_run_t:s0
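
The two restorecon outputs above differ only in the direction of the relabel, and that direction shows whether the loaded policy has a file-context entry for the clamd runtime directory. The following is an added example, not part of the original report: it parses `restorecon -v` lines in the format quoted here and classifies each reset. The `WATCHED` pattern and the verdict names are assumptions made for illustration.

```python
import re

# Line format of `restorecon -v` as quoted in this report.
RESET_RE = re.compile(r"^restorecon reset (\S+) context (\S+)->(\S+)$")
EXPECTED_TYPE = "clamd_var_run_t"  # type named in the report
# Assumption: mirrors the /var/run/clamd.* glob used in the report.
WATCHED = re.compile(r"^/var/run/clamd\.[^/]*(/.*)?$")

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError("not an SELinux context: %r" % context)
    return fields[2]

def classify(line):
    """Classify one restorecon line; None if it is not a reset of a watched path."""
    m = RESET_RE.match(line.strip())
    if not m or not WATCHED.match(m.group(1)):
        return None
    path = m.group(1)
    old, new = selinux_type(m.group(2)), selinux_type(m.group(3))
    if new == EXPECTED_TYPE:
        verdict = "policy-has-entry"      # restorecon restored the clamd type
    elif old == EXPECTED_TYPE:
        verdict = "policy-missing-entry"  # restorecon undid a manually set label
    else:
        verdict = "other"
    return path, old, new, verdict

def audit(output):
    """Return the classified resets found in a block of restorecon output."""
    return [r for r in map(classify, output.splitlines()) if r]

# The first two lines are the "Actual" and "Expected" results quoted in the
# report; the third line is constructed.
SAMPLE = """\
restorecon reset /var/run/clamd.courier context system_u:object_r:clamd_var_run_t:s0->system_u:object_r:var_run_t:s0
restorecon reset /var/run/clamd.courier context system_u:object_r:var_run_t:s0->system_u:object_r:clamd_var_run_t:s0
restorecon reset /var/run/foo.pid context system_u:object_r:tmp_t:s0->system_u:object_r:var_run_t:s0
"""

if __name__ == "__main__":
    for path, old, new, verdict in audit(SAMPLE):
        print("%-24s %s -> %s  [%s]" % (path, old, new, verdict))
```

A `policy-missing-entry` result means any label set by hand on that path will be reverted by the next relabel.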

Comment 1 Gordon Messmer 2008-10-27 22:28:30 UTC
As a workaround:

# chcon -Rv system_u:object_r:clamd_var_run_t /var/run/clamd.*

Comment 2 Robert Scheck 2008-10-28 08:51:47 UTC
Daniel, can we maybe include the fixes for selinux-policy for RHEL 5.3?

Comment 3 Daniel Walsh 2008-10-28 23:53:43 UTC
Should already be in there.

selinux-policy-2.4.6-178.el5

Try it out on http://people.redhat.com/dwalsh/SELinux/RHEL5

Comment 4 Mark Chappell 2010-09-15 07:40:12 UTC
Gordon,

Is this still an issue for you? It looks like both clamav and selinux-policy have been updated significantly since you reported the bug.

Comment 5 Mark Chappell 2010-09-22 08:13:16 UTC
No response after a week, so closing this one off.

Comment 6 Gordon Messmer 2010-09-28 02:46:30 UTC
I appreciate your effort.  I can confirm that this is no longer a problem.  Thanks.