Bug 439860 - wrong logfile name in clamav policy
wrong logfile name in clamav policy
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy-targeted (Show other bugs)
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2008-03-31 15:45 EDT by Jason Bradley Nance
Modified: 2012-10-15 10:07 EDT (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2008-0465
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-21 12:43:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jason Bradley Nance 2008-03-31 15:45:40 EDT
Description of problem:
restorecon -R /var/log/clamav doesn't restore the appropriate context for the
clamd server logs.

# strings /etc/selinux/targeted/modules/active/modules/clamav.pp
/var/log/clamav                 -d      system_u:object_r:clamd_var_log_t:s0
/var/log/clamav/clamav.*        --      system_u:object_r:clamd_var_log_t:s0

The default daemon logfile name is actually clamd.log, not clamav.log (in 0.92.1
at least).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. install clamav
2. restorecon -R /var/log/clamav
3. service clamd restart
Actual results:
Daemon refuses to start using init script due to avc denial.

Expected results:
Daemon starts as normal.

Additional info:
I'm using the clamd from RPMforge (clamd-0.92.1-1.el5.rf, clamav-0.92.1-1.el5.rf).
Comment 1 Daniel Walsh 2008-04-01 01:50:08 EDT
Fixed in U2 policy

Fixed in selinux-policy-2.4.6-126.el5

You can get a preview at

Comment 2 Jason Bradley Nance 2008-04-02 11:56:21 EDT
Slick.  Thanks.
Comment 3 Jason Bradley Nance 2008-04-03 09:50:57 EDT
Would it be possible to include:

/var/clamav  as  clamd_var_lib_t

In the updated policy as well?  I'm not sure why this change was made in the
package I'm using, and I realize it doesn't follow the FHS, so I understand if
you don't think it would be a good idea.
Comment 4 Daniel Walsh 2008-04-04 15:43:29 EDT
No but you can

semanage fcontext -a -t clamd_var_lib_t '/var/clamav(/.*)?'

Comment 10 errata-xmlrpc 2008-05-21 12:43:23 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.