Bug 838511
Summary: | service clamd.amavisd cannot access /var/run/amavisd directory | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Milos Malik <mmalik> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.9 | CC: | dwalsh |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | selinux-policy-2.4.6-329.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-01-08 03:32:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Milos Malik
2012-07-09 10:03:36 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. And what are you getting in permissive mode? ---- time->Tue Jul 10 04:45:13 2012 type=SYSCALL msg=audit(1341909913.962:41877): arch=40000003 syscall=5 success=yes exit=5 a0=9dac268 a1=241 a2=1b6 a3=9de31e0 items=0 ppid=20907 pid=20908 auid=0 uid=102 gid=159 euid=102 suid=102 fsuid=102 egid=159 sgid=159 fsgid=159 tty=(none) ses=4225 comm="clamd" exe="/usr/sbin/clamd" subj=root:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1341909913.962:41877): avc: denied { add_name } for pid=20908 comm="clamd" name="clamd.pid" scontext=root:system_r:clamd_t:s0 tcontext=system_u:object_r:amavis_var_run_t:s0 tclass=dir type=AVC msg=audit(1341909913.962:41877): avc: denied { write } for pid=20908 comm="clamd" name="amavisd" dev=dm-0 ino=3506181 scontext=root:system_r:clamd_t:s0 tcontext=system_u:object_r:amavis_var_run_t:s0 tclass=dir type=AVC msg=audit(1341909913.962:41877): avc: denied { search } for pid=20908 comm="clamd" name="amavisd" dev=dm-0 ino=3506181 scontext=root:system_r:clamd_t:s0 tcontext=system_u:object_r:amavis_var_run_t:s0 tclass=dir ---- time->Tue Jul 10 04:46:12 2012 type=SYSCALL msg=audit(1341909972.259:41878): arch=40000003 syscall=10 success=yes exit=0 a0=9dac268 a1=9daa448 a2=9daa408 a3=1 items=0 ppid=1 pid=20908 auid=0 uid=102 gid=159 euid=102 suid=102 fsuid=102 egid=159 sgid=159 fsgid=159 tty=(none) ses=4225 comm="clamd" exe="/usr/sbin/clamd" subj=root:system_r:clamd_t:s0 key=(null) type=AVC msg=audit(1341909972.259:41878): avc: denied { remove_name } for pid=20908 comm="clamd" name="clamd.pid" dev=dm-0 ino=3506292 scontext=root:system_r:clamd_t:s0 tcontext=system_u:object_r:amavis_var_run_t:s0 tclass=dir ---- Ok, we need to fix amavis_create_pid_files() interface. I am adding fixes to Fedora. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0060.html |