Bug 447515 - SELinux is preventing /usr/bin/clamdscan (clamscan_t) "write" access to /var/webmin/sessiondb.pag (var_t)
SELinux is preventing /usr/bin/clamdscan (clamscan_t) "write" access to /var/...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
All Linux
low Severity low
: rc
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2008-05-20 05:35 EDT by Paul Lauria
Modified: 2008-05-20 11:23 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-20 11:23:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Paul Lauria 2008-05-20 05:35:51 EDT
Description of problem:SELinux is preventing /usr/bin/clamdscan (clamscan_t)
"write" access to /var/webmin/sessiondb.pag (var_t)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install ClamAV
2. Use ClamAV
3. Denial appears in sealert /var/log/audit/audit.log
Actual results:

Expected results:

Additional info:
avc: denied { write } for comm="clamdscan" dev=dm-0 egid=0 euid=0
exe="/usr/bin/clamdscan" exit=0 fsgid=0 fsuid=0 gid=0 items=0
path="/var/webmin/sessiondb.pag" pid=31759
scontext=system_u:system_r:clamscan_t:s0 sgid=0
subj=system_u:system_r:clamscan_t:s0 suid=0 tclass=file
tcontext=user_u:object_r:var_t:s0 tty=(none) uid=0
Comment 1 Daniel Walsh 2008-05-20 11:23:04 EDT
Not sure what /var/webmin/sessiondb.pag is, but this is either a leaked file
descriptor or a log file which clamdscan has its output redirected to.

If you want the avc to go away you can use

grep clan /var/log/audit/audit.log | audit2allow -M mywebmin
semodule -i mywebmin.pp

Please open a bugzilla with webmin and report that they should close their file
descriptor on exec

fcntl(fd, F_SETFD, FD_CLOEXEC)

Note You need to log in before you can comment on or make changes to this bug.