Bug 838260

Summary: SELinux policy denies fsav(1) usage in amavisd-new

| Field | Value |
|---|---|
| Product | Red Hat Enterprise Linux 6 |
| Component | selinux-policy |
| Version | 6.3 |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | medium |
| Reporter | Robert Scheck <redhat-bugzilla> |
| Assignee | Miroslav Grepl <mgrepl> |
| QA Contact | Michal Trunecka <mtruneck> |
| CC | dwalsh, ebenes, mmalik, mtruneck, robert.scheck |
| Target Milestone | rc |
| Hardware | All |
| OS | Linux |
| Fixed In Version | selinux-policy-3.7.19-168.el6 |
| Doc Type | Bug Fix |
| Type | Bug |
| Last Closed | 2013-02-21 08:25:13 UTC |

Description
Robert Scheck
2012-07-08 01:17:03 UTC
Please keep in mind there are not only command line only installations out there, thus any policy would be very extensive. Transition to unconfined for the amavisd-new case maybe?

Cross-filed case 00675284 in the Red Hat Customer Portal.

Robert, could you attach these AVC messages? Thank you.

Sorry Miroslav, forgotten. Here they are:

type=AVC msg=audit(1341776569.529:2854): avc: denied { search } for pid=9485 comm="fsav" name="1" dev=proc ino=7753 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir type=AVC msg=audit(1341776569.529:2854): avc: denied { read } for pid=9485 comm="fsav" name="stat" dev=proc ino=7913 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file type=SYSCALL msg=audit(1341776569.529:2854): arch=40000003 syscall=33 success=yes exit=0 a0=9b03e0 a1=4 a2=9b18e0 a3=0 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.533:2855): avc: denied { getattr } for pid=9485 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1341776569.533:2855): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=ff8f08b0 a2=407ff4 a3=ff8ec7ff items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.533:2856): avc: denied { write } for pid=9485 comm="fsav" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1341776569.533:2856): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=ff8e7cb0
a2=e0e0f0 a3=ff8e8550 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.552:2857): avc: denied { unlink } for pid=9486 comm="fsavd" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1341776569.552:2857): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ffb09e40 a2=808a01c a3=809f548 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.553:2858): avc: denied { getattr } for pid=9485 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1341776569.553:2858): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=ff8e84f0 a2=407ff4 a3=8c02ba8 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.553:2859): avc: denied { setattr } for pid=9486 comm="fsavd" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1341776569.553:2859): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.553:2860): 
avc: denied { write } for pid=9485 comm="fsav" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=AVC msg=audit(1341776569.553:2861): avc: denied { read } for pid=9486 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1341776569.553:2860): avc: denied { connectto } for pid=9485 comm="fsav" path="/tmp/.fsav-497" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=unix_stream_socket type=AVC msg=audit(1341776569.553:2861): avc: denied { open } for pid=9486 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1341776569.553:2860): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff8e7cb0 a2=e0e0f0 a3=ff8e8550 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=SYSCALL msg=audit(1341776569.553:2861): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.553:2862): avc: denied { lock } for pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1341776569.553:2862): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=5 a2=4 a3=80c4480 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 
comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.553:2863): avc: denied { read } for pid=9486 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1341776569.553:2863): arch=40000003 syscall=5 success=yes exit=5 a0=ffb05c10 a1=98800 a2=ffb05c30 a3=ffb08c80 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.571:2864): avc: denied { lock } for pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1341588956/libfsecr32-linux.so" dev=vda1 ino=133686 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:textrel_shlib_t:s0 tclass=file type=SYSCALL msg=audit(1341776569.571:2864): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=99c6819 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.573:2865): avc: denied { read } for pid=9486 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133717 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1341776569.573:2865): avc: denied { open } for pid=9486 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133717 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1341776569.573:2865): arch=40000003 syscall=5 success=yes exit=6 a0=1372b27 a1=0 a2=1b6 a3=129a02c items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" 
exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776569.573:2866): avc: denied { getattr } for pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1341588956/fsedb.dat" dev=vda1 ino=133717 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1341776569.573:2866): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffb03058 a2=547ff4 a3=9a2a1f8 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776570.359:2867): avc: denied { lock } for pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1341706626/libaqua32.so" dev=vda1 ino=133738 scontext=system_u:system_r:amavis_t:s0 t/var/log/audit/audit.log lines 3-33/40 80% type=SYSCALL msg=audit(1341776570.359:2867): arch=40000003 syscall=143 success=yes exit=0 a0=6 a1=5 a2=6 a3=99cd971 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776570.360:2868): avc: denied { getattr } for pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1341706626/aquarius-linux-update.ini" dev=vda1 ino=133783 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1341776570.360:2868): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffb01440 a2=547ff4 a3=ffb014f0 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776570.360:2869): avc: denied { 
execmem } for pid=9486 comm="fsavd" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=process type=SYSCALL msg=audit(1341776570.360:2869): arch=40000003 syscall=192 success=yes exit=1245184 a0=0 a1=187c a2=7 a3=22 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1341776570.390:2870): avc: denied { create } for pid=9486 comm="fsavd" name="tmp0ef15f8b" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1341776570.390:2870): arch=40000003 syscall=39 success=yes exit=0 a0=9d5faa0 a1=1c0 a2=16a370 a3=9d5faa0 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)

Basically fsav is creating a socket in /tmp (if not already existing) and starts up a fsavd process. And then it's scanning its stuff. After some time the fsavd process ends if unused otherwise it seems to be maybe reused.

type=AVC msg=audit(1342472225.737:159943): avc: denied { rmdir } for pid=20549 comm="fsavd" name="tmp4e94e605" dev=vda1 ino=522614 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1342472225.737:159943): arch=40000003 syscall=40 success=yes exit=0 a0=ffc17640 a1=0 a2=80947dc a3=a4ec208 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472227.740:159944): avc: denied { lock } for pid=20549 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472227.740:159944): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=c a2=80c6484 a3=1 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472227.742:159945): avc: denied { lock } for pid=20549 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/libfsecr32-linux.so" dev=vda1 ino=133701 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file type=SYSCALL msg=audit(1342472227.742:159945): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=c a2=9c1f838 a3=1 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472227.749:159946): avc: denied { rmdir } for pid=20549 comm="fsavd" name="tmp340a34ed" dev=vda1 ino=521235 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir 
type=SYSCALL msg=audit(1342472227.749:159946): arch=40000003 syscall=40 success=yes exit=0 a0=14e378 a1=a77b80 a2=a7794c a3=a77248 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.149:159947): avc: denied { search } for pid=21290 comm="fsav" name="1" dev=proc ino=7763 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir type=AVC msg=audit(1342472228.149:159947): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=7933 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.149:159947): arch=40000003 syscall=33 success=yes exit=0 a0=2d03e0 a1=4 a2=2d18e0 a3=0 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.152:159948): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=902062 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=AVC msg=audit(1342472228.152:159948): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=902062 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.152:159948): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=a a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.153:159949): avc: denied { search } for pid=21290 comm="fsav" name="20639" dev=proc 
ino=904086 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir type=AVC msg=audit(1342472228.153:159949): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=904089 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file type=AVC msg=audit(1342472228.153:159949): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=904089 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.153:159949): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=36303920 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.153:159950): avc: denied { search } for pid=21290 comm="fsav" name="21153" dev=proc ino=907287 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=dir type=AVC msg=audit(1342472228.153:159950): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=907291 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=file type=AVC msg=audit(1342472228.153:159950): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=907291 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.153:159950): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=39373331 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.153:159951): avc: denied { search } for pid=21290 comm="fsav" 
name="21176" dev=proc ino=906921 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=dir type=AVC msg=audit(1342472228.153:159951): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=907292 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file type=AVC msg=audit(1342472228.153:159951): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=907292 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.153:159951): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=20383938 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.153:159952): avc: denied { search } for pid=21290 comm="fsav" name="21178" dev=proc ino=907288 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=dir type=AVC msg=audit(1342472228.153:159952): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=907293 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file type=AVC msg=audit(1342472228.153:159952): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=907293 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.153:159952): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=20313931 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.153:159953): avc: denied { search } for pid=21290 comm="fsav" 
name="21227" dev=proc ino=907289 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:clamd_t:s0 tclass=dir type=AVC msg=audit(1342472228.153:159953): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=907295 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:clamd_t:s0 tclass=file type=AVC msg=audit(1342472228.153:159953): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=907295 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:clamd_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.153:159953): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=32303234 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.153:159954): avc: denied { search } for pid=21290 comm="fsav" name="19928" dev=proc ino=901993 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=dir type=AVC msg=audit(1342472228.153:159954): avc: denied { read } for pid=21290 comm="fsav" name="stat" dev=proc ino=902056 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file type=AVC msg=audit(1342472228.153:159954): avc: denied { open } for pid=21290 comm="fsav" name="stat" dev=proc ino=902056 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.153:159954): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=39373331 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.182:159955): avc: denied { unlink } for pid=21291 
comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342472228.182:159955): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ffacfe00 a2=808a01c a3=809f548 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.183:159956): avc: denied { connectto } for pid=21290 comm="fsav" path="/tmp/.fsav-497" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=unix_stream_socket type=AVC msg=audit(1342472228.183:159957): avc: denied { setattr } for pid=21291 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342472228.183:159956): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff80fdb0 a2=aec0f0 a3=ff810650 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=SYSCALL msg=audit(1342472228.183:159957): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.184:159958): avc: denied { read } for pid=21291 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342472228.184:159958): avc: denied { open } for pid=21291 comm="fsavd" name="db.lock" dev=vda1 ino=132596 
scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.184:159958): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.184:159959): avc: denied { read } for pid=21291 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1342472228.184:159959): arch=40000003 syscall=5 success=yes exit=5 a0=ffacbbd0 a1=98800 a2=ffacbbf0 a3=ffacec40 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472228.200:159960): avc: denied { getattr } for pid=21291 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/fsedb.dat" dev=vda1 ino=133793 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472228.200:159960): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffac9018 a2=3b4ff4 a3=91551f8 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472229.060:159961): avc: denied { read } for pid=21291 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342472229.060:159961): avc: denied { open } for pid=21291 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 
scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472229.060:159961): arch=40000003 syscall=5 success=yes exit=7 a0=948ba90 a1=8000 a2=0 a3=948ba48 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472229.061:159962): avc: denied { getattr } for pid=21291 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1342440788/xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472229.061:159962): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffac9640 a2=3b4ff4 a3=7 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472229.101:159963): avc: denied { create } for pid=21291 comm="fsavd" name="tmp17ca2579" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1342472229.101:159963): arch=40000003 syscall=39 success=yes exit=0 a0=948bd50 a1=1c0 a2=b6c370 a3=948bd50 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472231.563:159964): avc: denied { getattr } for pid=21291 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342472231.563:159964): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ffacfe50 a2=3b4ff4 a3=809f548 items=0 ppid=1 pid=21291 
auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472232.698:159965): avc: denied { search } for pid=21365 comm="fsav" name="21230" dev=proc ino=906994 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342472232.698:159965): avc: denied { read } for pid=21365 comm="fsav" name="stat" dev=proc ino=907296 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342472232.698:159965): avc: denied { open } for pid=21365 comm="fsav" name="stat" dev=proc ino=907296 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342472232.698:159965): arch=40000003 syscall=5 success=yes exit=4 a0=ff8eb4b8 a1=0 a2=30203533 a3=66666667 items=0 ppid=15764 pid=21365 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472232.698:159966): avc: denied { search } for pid=21365 comm="fsav" name="21351" dev=proc ino=909893 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342472232.698:159966): avc: denied { read } for pid=21365 comm="fsav" name="stat" dev=proc ino=909897 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342472232.698:159966): avc: denied { open } for pid=21365 comm="fsav" name="stat" dev=proc ino=909897 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL 
msg=audit(1342472232.698:159966): arch=40000003 syscall=5 success=yes exit=4 a0=ff8eb4b8 a1=0 a2=32203036 a3=66666667 items=0 ppid=15764 pid=21365 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472232.706:159967): avc: denied { write } for pid=21365 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342472232.706:159967): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff8df630 a2=6240f0 a3=ff8dfed0 items=0 ppid=15764 pid=21365 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472816.987:159986): avc: denied { search } for pid=22258 comm="fsav" name="1" dev=proc ino=7763 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir type=AVC msg=audit(1342472816.987:159986): avc: denied { read } for pid=22258 comm="fsav" name="stat" dev=proc ino=7933 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file type=SYSCALL msg=audit(1342472816.987:159986): arch=40000003 syscall=33 success=yes exit=0 a0=4fc3e0 a1=4 a2=4fd8e0 a3=0 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472816.988:159987): avc: denied { search } for pid=22258 comm="fsav" name="22153" dev=proc ino=912405 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=dir type=AVC msg=audit(1342472816.988:159987): avc: denied { read } for pid=22258 comm="fsav" name="stat" dev=proc 
ino=912420 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file type=AVC msg=audit(1342472816.988:159987): avc: denied { open } for pid=22258 comm="fsav" name="stat" dev=proc ino=912420 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file type=SYSCALL msg=audit(1342472816.988:159987): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=a a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472816.989:159988): avc: denied { search } for pid=22258 comm="fsav" name="22157" dev=proc ino=912409 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=dir type=AVC msg=audit(1342472816.989:159988): avc: denied { read } for pid=22258 comm="fsav" name="stat" dev=proc ino=912424 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=AVC msg=audit(1342472816.989:159988): avc: denied { open } for pid=22258 comm="fsav" name="stat" dev=proc ino=912424 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=SYSCALL msg=audit(1342472816.989:159988): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=20353631 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472816.989:159989): avc: denied { search } for pid=22258 comm="fsav" name="22160" dev=proc ino=912412 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir type=AVC msg=audit(1342472816.989:159989): avc: denied { read } for pid=22258 comm="fsav" 
name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=AVC msg=audit(1342472816.989:159989): avc: denied { open } for pid=22258 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=SYSCALL msg=audit(1342472816.989:159989): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=33303920 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472816.989:159990): avc: denied { search } for pid=22258 comm="fsav" name="22222" dev=proc ino=912414 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342472816.989:159990): avc: denied { read } for pid=22258 comm="fsav" name="stat" dev=proc ino=912429 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342472816.989:159990): avc: denied { open } for pid=22258 comm="fsav" name="stat" dev=proc ino=912429 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342472816.989:159990): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=20333838 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472816.989:159991): avc: denied { search } for pid=22258 comm="fsav" name="22223" dev=proc ino=912415 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir type=SYSCALL 
msg=audit(1342472816.989:159991): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=34203232 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.015:159992): avc: denied { search } for pid=22259 comm="fsavd" name="22260" dev=proc ino=914667 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342472817.015:159992): avc: denied { read } for pid=22259 comm="fsavd" name="stat" dev=proc ino=914705 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342472817.015:159992): avc: denied { open } for pid=22259 comm="fsavd" name="stat" dev=proc ino=914705 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342472817.015:159992): arch=40000003 syscall=5 success=yes exit=4 a0=ff81d508 a1=0 a2=a a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.015:159993): avc: denied { read } for pid=22259 comm="fsavd" name="stat" dev=proc ino=914709 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342472817.015:159993): avc: denied { open } for pid=22259 comm="fsavd" name="stat" dev=proc ino=914709 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342472817.015:159993): arch=40000003 syscall=5 success=yes exit=4 a0=ff81d508 a1=0 a2=36353230 a3=66666667 items=0 ppid=22258 
pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.016:159994): avc: denied { search } for pid=22259 comm="fsavd" name="22155" dev=proc ino=912407 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=dir type=SYSCALL msg=audit(1342472817.016:159994): arch=40000003 syscall=5 success=yes exit=4 a0=ff81d508 a1=0 a2=3420312d a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.017:159995): avc: denied { unlink } for pid=22259 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342472817.017:159995): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ff819290 a2=808a01c a3=809f548 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.018:159997): avc: denied { setattr } for pid=22259 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=AVC msg=audit(1342472817.018:159996): avc: denied { connectto } for pid=22258 comm="fsav" path="/tmp/.fsav-497" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=unix_stream_socket type=SYSCALL msg=audit(1342472817.018:159997): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 
fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=SYSCALL msg=audit(1342472817.018:159996): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ffced030 a2=8650f0 a3=ffced8d0 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.018:159998): avc: denied { read } for pid=22259 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342472817.018:159998): avc: denied { open } for pid=22259 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.018:159998): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.018:159999): avc: denied { lock } for pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.018:159999): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=5 a2=4 a3=80c4480 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.018:160000): avc: denied { read } for pid=22259 comm="fsavd" name="databases" dev=vda1 ino=132571 
scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1342472817.018:160000): arch=40000003 syscall=5 success=yes exit=5 a0=ff815060 a1=98800 a2=ff815080 a3=ff8180d0 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.028:160001): avc: denied { lock } for pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/libfsecr32-linux.so" dev=vda1 ino=133701 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.028:160001): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=8166819 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.029:160002): avc: denied { getattr } for pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/fsedb.dat" dev=vda1 ino=133793 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.029:160002): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ff8124a8 a2=3b4ff4 a3=81ca1f8 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.411:160003): avc: denied { search } for pid=22259 comm="fsavd" name="22261" dev=proc ino=914669 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir type=SYSCALL msg=audit(1342472817.411:160003): arch=40000003 
syscall=5 success=yes exit=8 a0=ff812d48 a1=0 a2=36353230 a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.412:160004): avc: denied { read } for pid=22259 comm="fsavd" name="stat" dev=proc ino=912422 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file type=AVC msg=audit(1342472817.412:160004): avc: denied { open } for pid=22259 comm="fsavd" name="stat" dev=proc ino=912422 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.412:160004): arch=40000003 syscall=5 success=yes exit=8 a0=ff812d48 a1=0 a2=3420312d a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.812:160005): avc: denied { read } for pid=22259 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342472817.812:160005): avc: denied { open } for pid=22259 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.812:160005): arch=40000003 syscall=5 success=yes exit=7 a0=8500a90 a1=8000 a2=0 a3=8500a48 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.812:160006): avc: denied { getattr } for pid=22259 comm="fsavd" 
path="/var/opt/f-secure/fssp/databases/aqualnx32.1342440788/xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472817.812:160006): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ff812ad0 a2=3b4ff4 a3=7 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472817.812:160007): avc: denied { execmem } for pid=22259 comm="fsavd" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=process type=SYSCALL msg=audit(1342472817.812:160007): arch=40000003 syscall=192 success=yes exit=13918208 a0=0 a1=187c a2=7 a3=22 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472820.264:160008): avc: denied { getattr } for pid=22259 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342472820.264:160008): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ff8192e0 a2=3b4ff4 a3=809f548 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472823.537:160009): avc: denied { search } for pid=22459 comm="fsav" name="22265" dev=proc ino=915828 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=dir type=AVC msg=audit(1342472823.537:160009): avc: denied { read } for pid=22459 comm="fsav" name="stat" dev=proc ino=915833 
scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file type=AVC msg=audit(1342472823.537:160009): avc: denied { open } for pid=22459 comm="fsav" name="stat" dev=proc ino=915833 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file type=SYSCALL msg=audit(1342472823.537:160009): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=37373331 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472823.538:160010): avc: denied { search } for pid=22459 comm="fsav" name="22266" dev=proc ino=915829 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=dir type=AVC msg=audit(1342472823.538:160010): avc: denied { read } for pid=22459 comm="fsav" name="stat" dev=proc ino=915834 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file type=AVC msg=audit(1342472823.538:160010): avc: denied { open } for pid=22459 comm="fsav" name="stat" dev=proc ino=915834 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file type=SYSCALL msg=audit(1342472823.538:160010): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=33392032 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472823.539:160011): avc: denied { search } for pid=22459 comm="fsav" name="22444" dev=proc ino=915830 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342472823.539:160011): avc: denied { read } for pid=22459 
comm="fsav" name="stat" dev=proc ino=915835 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342472823.539:160011): avc: denied { open } for pid=22459 comm="fsav" name="stat" dev=proc ino=915835 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342472823.539:160011): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=30303131 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472823.541:160012): avc: denied { search } for pid=22459 comm="fsav" name="22160" dev=proc ino=912412 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir type=AVC msg=audit(1342472823.541:160012): avc: denied { read } for pid=22459 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=AVC msg=audit(1342472823.541:160012): avc: denied { open } for pid=22459 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=SYSCALL msg=audit(1342472823.541:160012): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=33303920 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472823.543:160013): avc: denied { write } for pid=22459 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL 
msg=audit(1342472823.543:160013): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ffb777c0 a2=a000f0 a3=ffb78060 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472828.165:160014): avc: denied { search } for pid=22570 comm="fsav" name="22266" dev=proc ino=915829 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=dir type=SYSCALL msg=audit(1342472828.165:160014): arch=40000003 syscall=5 success=yes exit=4 a0=ffaf9e38 a1=0 a2=33392032 a3=66666667 items=0 ppid=15760 pid=22570 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472828.167:160015): avc: denied { getattr } for pid=22262 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/fsedb.dat" dev=vda1 ino=133793 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472828.167:160015): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=ff8150d8 a2=3b4ff4 a3=8a1b1c8 items=0 ppid=22259 pid=22262 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472834.848:160016): avc: denied { read } for pid=22628 comm="fsav" name="stat" dev=proc ino=912426 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=AVC msg=audit(1342472834.848:160016): avc: denied { open } for pid=22628 comm="fsav" name="stat" dev=proc ino=912426 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=SYSCALL 
msg=audit(1342472834.848:160016): arch=40000003 syscall=5 success=yes exit=4 a0=ffc1b768 a1=0 a2=31362036 a3=66666667 items=0 ppid=15774 pid=22628 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472874.925:160017): avc: denied { lock } for pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342472874.925:160017): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=c a2=80c6484 a3=1 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472874.929:160018): avc: denied { lock } for pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/libfsecr32-linux.so" dev=vda1 ino=133701 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file type=SYSCALL msg=audit(1342472874.929:160018): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=c a2=8168838 a3=1 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342472874.936:160019): avc: denied { rmdir } for pid=22259 comm="fsavd" name="tmp352aa477" dev=vda1 ino=521235 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir type=SYSCALL msg=audit(1342472874.936:160019): arch=40000003 syscall=40 success=yes exit=0 a0=869378 a1=11fb80 a2=11f94c a3=11f248 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 
tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)

Some fixes added to selinux-policy-3.7.19-156. I will do a new build soon. Could you test it then?

I do not really see a fix related to F-Secure, sorry. Tested 3.7.19-156:
type=AVC msg=audit(1342642733.404:162391): avc: denied { search } for pid=32264 comm="fsav" name="32225" dev=proc ino=1240446 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342642733.404:162391): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240454 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342642733.404:162391): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240454 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342642733.404:162391): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=a a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.405:162392): avc: denied { search } for pid=32264 comm="fsav" name="32227" dev=proc ino=1240447 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir type=AVC msg=audit(1342642733.405:162392): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240455 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file type=AVC msg=audit(1342642733.405:162392): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240455 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0
tclass=file type=SYSCALL msg=audit(1342642733.405:162392): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=30323420 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.406:162393): avc: denied { search } for pid=32264 comm="fsav" name="32228" dev=proc ino=1240448 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir type=AVC msg=audit(1342642733.406:162393): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=AVC msg=audit(1342642733.406:162393): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.406:162393): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=31353431 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.406:162394): avc: denied { search } for pid=32264 comm="fsav" name="28121" dev=proc ino=1240444 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=dir type=AVC msg=audit(1342642733.406:162394): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240463 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=file type=AVC msg=audit(1342642733.406:162394): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240463 scontext=system_u:system_r:amavis_t:s0 
tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.406:162394): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=32362036 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.407:162395): avc: denied { search } for pid=32264 comm="fsav" name="31682" dev=proc ino=1235990 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342642733.407:162395): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240465 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342642733.407:162395): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240465 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342642733.407:162395): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=37383820 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.408:162396): avc: denied { search } for pid=32264 comm="fsav" name="32212" dev=proc ino=1240314 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=dir type=AVC msg=audit(1342642733.408:162396): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240469 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file type=AVC msg=audit(1342642733.408:162396): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240469 
scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.408:162396): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=30323420 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.408:162397): avc: denied { search } for pid=32264 comm="fsav" name="32214" dev=proc ino=1240445 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=dir type=AVC msg=audit(1342642733.408:162397): avc: denied { read } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240470 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file type=AVC msg=audit(1342642733.408:162397): avc: denied { open } for pid=32264 comm="fsav" name="stat" dev=proc ino=1240470 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.408:162397): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=20393831 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.409:162398): avc: denied { getattr } for pid=32264 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342642733.409:162398): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=fff6b960 a2=3b4ff4 a3=fff678af items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" 
subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.410:162399): avc: denied { write } for pid=32264 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342642733.410:162399): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=fff62d60 a2=ea20f0 a3=fff63600 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.426:162400): avc: denied { search } for pid=32265 comm="fsavd" name="32266" dev=proc ino=1242100 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342642733.426:162400): avc: denied { read } for pid=32265 comm="fsavd" name="stat" dev=proc ino=1242146 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342642733.426:162400): avc: denied { open } for pid=32265 comm="fsavd" name="stat" dev=proc ino=1242146 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342642733.426:162400): arch=40000003 syscall=5 success=yes exit=4 a0=ff9f0848 a1=0 a2=33203639 a3=66666667 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.427:162401): avc: denied { search } for pid=32265 comm="fsavd" name="32267" dev=proc ino=1242101 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342642733.427:162401): avc: denied { read } for pid=32265 comm="fsavd" 
name="stat" dev=proc ino=1242169 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342642733.427:162401): avc: denied { open } for pid=32265 comm="fsavd" name="stat" dev=proc ino=1242169 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342642733.427:162401): arch=40000003 syscall=5 success=yes exit=4 a0=ff9f0848 a1=0 a2=36353230 a3=66666667 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.428:162402): avc: denied { unlink } for pid=32265 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342642733.428:162402): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ff9ec5d0 a2=808a01c a3=809f548 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.475:162403): avc: denied { setattr } for pid=32265 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342642733.475:162403): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.475:162404): avc: denied { read } for pid=32265 comm="fsavd" name="db.lock" dev=vda1 
ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342642733.475:162404): avc: denied { open } for pid=32265 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.475:162404): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.475:162405): avc: denied { lock } for pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.475:162405): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=5 a2=4 a3=80c4480 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.475:162406): avc: denied { read } for pid=32265 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1342642733.475:162406): arch=40000003 syscall=5 success=yes exit=5 a0=ff9e83a0 a1=98800 a2=ff9e83c0 a3=ff9eb410 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.485:162407): avc: denied { lock } for pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so" 
dev=vda1 ino=133837 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.485:162407): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=a065819 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642733.486:162408): avc: denied { getattr } for pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342642733.486:162408): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ff9e57e8 a2=4aeff4 a3=a0c91f8 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642734.219:162409): avc: denied { read } for pid=32265 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342642734.219:162409): avc: denied { open } for pid=32265 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342642734.219:162409): arch=40000003 syscall=5 success=yes exit=7 a0=a400618 a1=8000 a2=0 a3=a4005d0 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642734.219:162410): avc: denied { getattr } for pid=32265 comm="fsavd" 
path="/var/opt/f-secure/fssp/databases/aqualnx32.1342591905/xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342642734.219:162410): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ff9e5e10 a2=4aeff4 a3=7 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642734.219:162411): avc: denied { execmem } for pid=32265 comm="fsavd" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=process type=SYSCALL msg=audit(1342642734.219:162411): arch=40000003 syscall=192 success=yes exit=1163264 a0=0 a1=187c a2=7 a3=22 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642734.249:162412): avc: denied { create } for pid=32265 comm="fsavd" name="tmp00000000" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:amavis_tmp_t:s0 tclass=file type=AVC msg=audit(1342642734.249:162412): avc: denied { read write open } for pid=32265 comm="fsavd" name="tmp00000000" dev=vda1 ino=522612 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:amavis_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1342642734.249:162412): arch=40000003 syscall=5 success=yes exit=7 a0=c41380 a1=8242 a2=1a4 a3=ff9e5d44 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642734.249:162413): avc: denied { getattr } for pid=32265 comm="fsavd" path="/tmp/tmp5ca40251/tmp00000000" dev=vda1 
ino=522612 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:amavis_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1342642734.249:162413): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ff9e5088 a2=4aeff4 a3=7 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642736.651:162414): avc: denied { getattr } for pid=32265 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342642736.651:162414): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ff9ec620 a2=4aeff4 a3=809f548 items=0 ppid=1 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.597:162415): avc: denied { search } for pid=32686 comm="fsav" name="32228" dev=proc ino=1240448 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir type=AVC msg=audit(1342642747.597:162415): avc: denied { read } for pid=32686 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=AVC msg=audit(1342642747.597:162415): avc: denied { open } for pid=32686 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=SYSCALL msg=audit(1342642747.597:162415): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=34353431 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" 
exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.597:162416): avc: denied { search } for pid=32686 comm="fsav" name="32261" dev=proc ino=1240451 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342642747.597:162416): avc: denied { read } for pid=32686 comm="fsav" name="stat" dev=proc ino=1240460 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342642747.597:162416): avc: denied { open } for pid=32686 comm="fsav" name="stat" dev=proc ino=1240460 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342642747.597:162416): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=32342031 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.598:162417): avc: denied { search } for pid=32686 comm="fsav" name="32271" dev=proc ino=1249008 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=dir type=AVC msg=audit(1342642747.598:162417): avc: denied { read } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249017 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file type=AVC msg=audit(1342642747.598:162417): avc: denied { open } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249017 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file type=SYSCALL msg=audit(1342642747.598:162417): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=37373331 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 
euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.600:162418): avc: denied { search } for pid=32686 comm="fsav" name="32272" dev=proc ino=1249009 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=dir type=AVC msg=audit(1342642747.600:162418): avc: denied { read } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249018 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file type=AVC msg=audit(1342642747.600:162418): avc: denied { open } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249018 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file type=SYSCALL msg=audit(1342642747.600:162418): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=33392032 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.600:162419): avc: denied { search } for pid=32686 comm="fsav" name="32273" dev=proc ino=1249010 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=dir type=AVC msg=audit(1342642747.600:162419): avc: denied { read } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249019 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file type=AVC msg=audit(1342642747.600:162419): avc: denied { open } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249019 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file type=SYSCALL msg=audit(1342642747.600:162419): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=30303131 a3=66666667 items=0 ppid=23509 pid=32686 
auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.600:162420): avc: denied { search } for pid=32686 comm="fsav" name="32274" dev=proc ino=1249011 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=dir type=AVC msg=audit(1342642747.600:162420): avc: denied { read } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249020 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=AVC msg=audit(1342642747.600:162420): avc: denied { open } for pid=32686 comm="fsav" name="stat" dev=proc ino=1249020 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file type=SYSCALL msg=audit(1342642747.600:162420): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=20363631 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.602:162421): avc: denied { write } for pid=32686 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342642747.602:162421): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff9722a0 a2=88b0f0 a3=ff972b40 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342642747.604:162422): avc: denied { getattr } for pid=32268 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 
scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.604:162422): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=ff9e8418 a2=4aeff4 a3=a91c818 items=0 ppid=32265 pid=32268 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)

Which fixes did you do exactly that you expect me to test? Can we please have at least a proper transition to unconfined for F-Secure? Or shall we provide a virtual machine having both set up? Would that help?

Well, we are trying to run F-Secure together with amavis_t. We need to add more fixes. Also, you will need to add labeling for /opt/f-secure.

Expected:

restorecon reset /opt/f-secure/fsav/bin context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/fsdiag context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/fsav context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/fsavd context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/clstate_update context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/dbupdate context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/dbupdate_lite context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/uninstall-fsav context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/licensetool context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/clstate_generator context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0

Unexpected:

restorecon reset /var/opt/f-secure/fsaua/data/content/aqualnx32/1342591905/bdcore.so context unconfined_u:object_r:textrel_shlib_t:s0->unconfined_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so context system_u:object_r:textrel_shlib_t:s0->system_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/aqualnx32.1342591905/libaqua32.so context system_u:object_r:textrel_shlib_t:s0->system_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/aqualnx32.1342591905/bdcore.so context unconfined_u:object_r:textrel_shlib_t:s0->unconfined_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/fmlibunix.1294643837/libfm-lnx32.so context unconfined_u:object_r:textrel_shlib_t:s0->unconfined_u:object_r:var_t:s0

type=AVC msg=audit(1342645782.689:162658): avc: denied { search } for pid=5720 comm="fsav" name="5652" dev=proc ino=1271191 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=AVC msg=audit(1342645782.689:162658): avc: denied { read } for pid=5720 comm="fsav" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=AVC msg=audit(1342645782.689:162658): avc: denied { open } for pid=5720 comm="fsav" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.689:162658): arch=40000003 syscall=5 success=yes exit=4 a0=fffc7068 a1=0 a2=a a3=66666667 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.691:162659): avc: denied { search } for pid=5720 comm="fsav"
name="5653" dev=proc ino=1271192 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir type=AVC msg=audit(1342645782.691:162659): avc: denied { read } for pid=5720 comm="fsav" name="stat" dev=proc ino=1271199 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=AVC msg=audit(1342645782.691:162659): avc: denied { open } for pid=5720 comm="fsav" name="stat" dev=proc ino=1271199 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file type=SYSCALL msg=audit(1342645782.691:162659): arch=40000003 syscall=5 success=yes exit=4 a0=fffc7068 a1=0 a2=20333534 a3=66666667 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.691:162660): avc: denied { search } for pid=5720 comm="fsav" name="5687" dev=proc ino=1271196 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342645782.691:162660): avc: denied { read } for pid=5720 comm="fsav" name="stat" dev=proc ino=1271203 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342645782.691:162660): avc: denied { open } for pid=5720 comm="fsav" name="stat" dev=proc ino=1271203 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342645782.691:162660): arch=40000003 syscall=5 success=yes exit=4 a0=fffc7068 a1=0 a2=30333031 a3=66666667 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 
key=(null) type=AVC msg=audit(1342645782.693:162661): avc: denied { getattr } for pid=5720 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342645782.693:162661): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=fffc3de0 a2=592ff4 a3=fffbfd2f items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.693:162662): avc: denied { write } for pid=5720 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342645782.693:162662): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=fffbb1e0 a2=1210f0 a3=fffbba80 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.713:162663): avc: denied { search } for pid=5721 comm="fsavd" name="5722" dev=proc ino=1272885 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342645782.713:162663): avc: denied { read } for pid=5721 comm="fsavd" name="stat" dev=proc ino=1272926 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342645782.713:162663): avc: denied { open } for pid=5721 comm="fsavd" name="stat" dev=proc ino=1272926 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342645782.713:162663): arch=40000003 syscall=5 success=yes exit=4 a0=ffb246c8 a1=0 
a2=30203338 a3=66666667 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.714:162664): avc: denied { search } for pid=5721 comm="fsavd" name="5723" dev=proc ino=1272886 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir type=AVC msg=audit(1342645782.714:162664): avc: denied { read } for pid=5721 comm="fsavd" name="stat" dev=proc ino=1272988 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=AVC msg=audit(1342645782.714:162664): avc: denied { open } for pid=5721 comm="fsavd" name="stat" dev=proc ino=1272988 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file type=SYSCALL msg=audit(1342645782.714:162664): arch=40000003 syscall=5 success=yes exit=4 a0=ffb246c8 a1=0 a2=30363532 a3=66666667 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.716:162665): avc: denied { unlink } for pid=5721 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342645782.716:162665): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ffb20450 a2=808a01c a3=809f548 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.716:162666): avc: denied { setattr } for pid=5721 
comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file type=SYSCALL msg=audit(1342645782.716:162666): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.716:162667): avc: denied { read } for pid=5721 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=AVC msg=audit(1342645782.716:162667): avc: denied { open } for pid=5721 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342645782.716:162667): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.716:162668): avc: denied { read } for pid=5721 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1342645782.716:162668): arch=40000003 syscall=5 success=yes exit=5 a0=ffb1c220 a1=98800 a2=ffb1c240 a3=ffb1f290 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.727:162669): avc: denied { lock } for pid=5721 comm="fsavd" 
path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so" dev=vda1 ino=133837 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file type=SYSCALL msg=audit(1342645782.727:162669): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=9630819 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.727:162670): avc: denied { getattr } for pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342645782.727:162670): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffb19668 a2=3b4ff4 a3=96941f8 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.826:162671): avc: denied { getattr } for pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file type=SYSCALL msg=audit(1342645782.826:162671): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffb19308 a2=3b4ff4 a3=96941f8 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null) type=AVC msg=audit(1342645782.839:162672): avc: denied { read } for pid=5721 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 
tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342645782.839:162672): avc: denied { open } for pid=5721 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.839:162672): arch=40000003 syscall=5 success=yes exit=6 a0=144cb27 a1=0 a2=1b6 a3=137402c items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.089:162673): avc: denied { search } for pid=5721 comm="fsavd" name="5652" dev=proc ino=1271191 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=AVC msg=audit(1342645783.089:162673): avc: denied { read } for pid=5721 comm="fsavd" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=AVC msg=audit(1342645783.089:162673): avc: denied { open } for pid=5721 comm="fsavd" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.089:162673): arch=40000003 syscall=5 success=yes exit=8 a0=ffb19f08 a1=0 a2=a a3=66666667 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.464:162674): avc: denied { read } for pid=5721 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342645783.464:162674): avc: denied { open } for pid=5721 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.464:162674): arch=40000003 syscall=5 success=yes exit=7 a0=99cb050 a1=8000 a2=0 a3=99cb008 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.465:162675): avc: denied { getattr } for pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1342591905/xlmrd.cvd" dev=vda1 ino=135518 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.465:162675): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffb19c90 a2=3b4ff4 a3=7 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.465:162676): avc: denied { execmem } for pid=5721 comm="fsavd" scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:amavis_t:s0 tclass=process
type=SYSCALL msg=audit(1342645783.465:162676): arch=40000003 syscall=192 success=yes exit=15400960 a0=0 a1=187c a2=7 a3=22 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.494:162677): avc: denied { create } for pid=5721 comm="fsavd" name="tmp00000000" scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=AVC msg=audit(1342645783.494:162677): avc: denied { read write open } for pid=5721 comm="fsavd" name="tmp00000000" dev=vda1 ino=522612 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.494:162677): arch=40000003 syscall=5 success=yes exit=7 a0=17b380 a1=8242 a2=1a4 a3=ffb19bc4 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.494:162678): avc: denied { getattr } for pid=5721 comm="fsavd" path="/tmp/tmp76369c6a/tmp00000000" dev=vda1 ino=522612 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.494:162678): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffb18f08 a2=3b4ff4 a3=7 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645788.869:162679): avc: denied { getattr } for pid=5721 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342645788.869:162679): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ffb204a0 a2=3b4ff4 a3=809f548 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)

Whoops, didn't copy everything, this was additionally missing:

type=AVC msg=audit(1342645816.899:162680): avc: denied { unlink } for pid=5721 comm="fsavd" name="tmp00000000" dev=vda1 ino=522615 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342645816.899:162680): arch=40000003 syscall=10 success=yes exit=0 a0=ffb1e3f0 a1=ffb1e390 a2=80947dc a3=9f017e0 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645818.902:162681): avc: denied { lock } for pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645818.902:162681): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=c a2=80c6484 a3=1 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645818.905:162682): avc: denied { lock } for pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so" dev=vda1 ino=133837 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342645818.905:162682): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=c a2=9632838 a3=1 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)

First thing to lower the noise would be to add

domain_dontaudit_read_all_domains_state(amavis_t)

Secondly would be to label the content under /var/opt/f-secure as amavis_var_lib_t

# semanage fcontext -a -t amavis_var_lib_t '/var/opt/f-secure(/.*)?'
# restorecon -R -v /var/opt/f-secure

the execmem is a little concerning, is this tool using java?

The rule/context will be in the next RHEL6.4 build.

What does

# rpm -qf /var/opt/f-secure

I think a user will need to run the restorecon but we should have this labeling in the policy.

Probably we also will need rules which we have for clamav

tunable_policy(`clamd_use_jit',`
    allow clamd_t self:process execmem;
    allow clamscan_t self:process execmem;
', `
    dontaudit clamd_t self:process execmem;
    dontaudit clamscan_t self:process execmem;
')

# rpm -qf /var/opt/f-secure/
f-secure-security-platform-2.50.12134-1.i586
#

(In reply to comment #15)
> Secondly would be to label the content under /var/opt/f-secure as
> amavis_var_lib_t

No, that would be absolutely wrong. See attached "rpm -qvl".

> the execmem is a little concerning, is this tool using java?

No, but F-Secure might use similar technologies like ClamAV.

Created attachment 599363 [details]
"rpm -qivl" for F-Secure RPM packages (in standalone setup)
So we should just label /var/opt/f-secure/fssp/databases amavis_var_lib_t? Could you try it?

No! None of the F-Secure signature databases ever should be labeled as amavis_var_lib_t. F-Secure is not Amavisd-New specific, it's a generic anti-virus software like ClamAV is. ClamAV uses clamd_var_lib_t for the signature database directory and something equivalent should be used by F-Secure too. Even none of the directories/files mentioned in my posted "rpm -qivl" ever should be labeled with any Amavisd-New file context...

It does not mean the directory cannot be labeled as we suggest. We can add a new file type for a directory so we try to find the best solution with the current labeling.

I think we should probably create a type like antivirus_db_t and start labelling all this content the same, since it is all the same stuff from a security point of view.

Miroslav, if I "randomly" label /var/opt/f-secure/fssp/databases as amavis_var_lib_t, it will cause trouble, if I run a fsav scan from another service, right? That wouldn't be generic at all...

I like Dan's idea. I would add a new policy antivirus.te with this labeling and we could start to merge these antivirus apps together.

I have just implemented a new antivirus policy to Fedora18 and will backport to RHEL6 ASAP.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0314.html
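
One way to triage the denials in this report before changing any policy, added here as an example and not part of the bug thread or of selinux-policy: it groups AVC records by source type, target type and class, as audit2allow does, and tags the three cases raised in the discussion (another domain's /proc state, execmem, generically labeled targets). The function names, the note strings and the `GENERIC_TYPES` set are assumptions of this example.

```python
import re
from collections import defaultdict

# Matches one AVC denial even when records are run together on one line.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<detail>.*?)'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)',
    re.S)
GENERIC_TYPES = {"var_t", "tmp_t"}  # assumption: default labels worth relabeling

# AVC records excerpted from this report (SYSCALL records left out), joined on
# one line the way the page shows them.
SAMPLE = (
    'type=AVC msg=audit(1342645783.089:162673): avc: denied { search } for pid=5721 comm="fsavd" name="5652" dev=proc ino=1271191 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir '
    'type=AVC msg=audit(1342645783.465:162676): avc: denied { execmem } for pid=5721 comm="fsavd" scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:amavis_t:s0 tclass=process '
    'type=AVC msg=audit(1342645788.869:162679): avc: denied { getattr } for pid=5721 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file '
    'type=AVC msg=audit(1342645818.902:162681): avc: denied { lock } for pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file '
)


def setype(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize(audit_text):
    """Group denials by (source type, target type, class), as audit2allow does."""
    rules, notes = defaultdict(set), defaultdict(set)
    for m in AVC_RE.finditer(audit_text):
        key = (setype(m["scon"]), setype(m["tcon"]), m["tclass"])
        perms = m["perms"].split()
        rules[key].update(perms)
        if "dev=proc" in m["detail"].split() and key[0] != key[1]:
            notes[key].add("/proc entry of another domain")
        if m["tclass"] == "process" and "execmem" in perms:
            notes[key].add("execmem")
        if key[1] in GENERIC_TYPES:
            notes[key].add("target has a generic label")
    return rules, notes


def render(rules):
    """Format the groups as allow-rule text for review, not for loading."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(rules.items())]
```

Groups tagged "target has a generic label" are the ones the thread resolves by relabeling with a dedicated type rather than by granting amavis_t access to var_t or tmp_t.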