Summary: SELinux is preventing /usr/sbin/clamd "remove_name" access on clamav-2a2044350823ca999d9180c38c989e08. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by clamd. It is not expected that this access is required by clamd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:clamd_t:s0 Target Context system_u:object_r:httpd_sys_rw_content_t:s0 Target Objects clamav-2a2044350823ca999d9180c38c989e08 [ dir ] Source clamd Source Path /usr/sbin/clamd Port <Unknown> Host (removed) Source RPM Packages clamav-server-0.95.3-1301.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-21.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.33.5-112.fc13.x86_64 #1 SMP Thu May 27 02:28:31 UTC 2010 x86_64 x86_64 Alert Count 2 First Seen Thu 03 Jun 2010 09:42:16 AM EDT Last Seen Thu 03 Jun 2010 09:42:16 AM EDT Local ID df1dcdf3-3d57-4fb4-80d8-09f8b259b065 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1275572536.605:35): avc: denied { remove_name } for pid=2380 comm="clamd" name="clamav-2a2044350823ca999d9180c38c989e08" dev=dm-0 ino=3277816 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1275572536.605:35): avc: denied { rmdir } for pid=2380 comm="clamd" name="clamav-2a2044350823ca999d9180c38c989e08" dev=dm-0 ino=3277816 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1275572536.605:35): arch=c000003e syscall=84 success=no exit=-39 a0=19fb920 a1=7ffff21e5250 a2=7ffff21e5250 a3=8028 items=0 ppid=1 pid=2380 auid=4294967295 uid=485 gid=469 euid=485 suid=485 fsuid=485 egid=469 sgid=469 fsgid=469 tty=(none) ses=4294967295 comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null) Hash String generated from catchall,clamd,clamd_t,httpd_sys_rw_content_t,dir,remove_name audit2allow suggests: #============= clamd_t ============== allow clamd_t httpd_sys_rw_content_t:dir { remove_name rmdir };
*** This bug has been marked as a duplicate of bug 599545 ***