838260 – SELinux policy denies fsav(1) usage in amavisd-new

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 838260 - SELinux policy denies fsav(1) usage in amavisd-new

Summary: SELinux policy denies fsav(1) usage in amavisd-new

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	6.3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Grepl
QA Contact:	Michal Trunecka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-07-08 01:17 UTC by Robert Scheck
Modified:	2018-11-30 21:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:	selinux-policy-3.7.19-168.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-21 08:25:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
"rpm -qivl" for F-Secure RPM packages (in standalone setup) (14.72 KB, text/plain) 2012-07-20 11:19 UTC, Robert Scheck	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:0314	0	normal	SHIPPED_LIVE	selinux-policy bug fix and enhancement update	2013-02-20 20:35:01 UTC

Description Robert Scheck 2012-07-08 01:17:03 UTC

Description of problem:
SELinux policy denies fsav(1) usage in amavisd-new. Basically, that is fsav(1)
as one of the primary scanners in amavisd-new.

Version-Release number of selected component (if applicable):
f-secure-automatic-update-agent-8.26.6201-1.i386
f-secure-security-platform-2.50.12134-1.i586
selinux-policy-3.7.19-155.el6_3.noarch
selinux-policy-targeted-3.7.19-155.el6_3.noarch

How reproducible:
Everytime, see above and below. You can get fsav(1) from F-Secure website:
http://download.f-secure.com/webclub/f-secure-linux-security-9.14.1942.tar.gz
install with "--command-line-only". Configure amavisd-new to use fsav(1) as
a primary scanner and try to pass an e-mail through.
  
Actual results:
SELinux policy denies fsav(1) usage in amavisd-new.

Expected results:
No AVC denieds for fsav(1) usage in amavisd-new.

Comment 2 Robert Scheck 2012-07-08 01:36:23 UTC

Please keep in mind there are not only command line only installations out
there, thus any policy would be very extensive. Transition to unconfined for
the amavisd-new case maybe?

Comment 3 Robert Scheck 2012-07-08 12:54:55 UTC

Cross-filed case 00675284 in the Red Hat Customer Portal.

Comment 4 Miroslav Grepl 2012-07-08 19:25:12 UTC

Robert,
could you attach these AVC messages?

Thank you.

Comment 5 Robert Scheck 2012-07-08 19:45:44 UTC

Sorry Miroslav, forgotten. Here they are:

type=AVC msg=audit(1341776569.529:2854): avc:  denied  { search } for  pid=9485 comm="fsav" name="1" dev=proc ino=7753 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
type=AVC msg=audit(1341776569.529:2854): avc:  denied  { read } for  pid=9485 comm="fsav" name="stat" dev=proc ino=7913 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
type=SYSCALL msg=audit(1341776569.529:2854): arch=40000003 syscall=33 success=yes exit=0 a0=9b03e0 a1=4 a2=9b18e0 a3=0 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.533:2855): avc:  denied  { getattr } for  pid=9485 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1341776569.533:2855): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=ff8f08b0 a2=407ff4 a3=ff8ec7ff items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.533:2856): avc:  denied  { write } for  pid=9485 comm="fsav" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1341776569.533:2856): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=ff8e7cb0 a2=e0e0f0 a3=ff8e8550 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.552:2857): avc:  denied  { unlink } for  pid=9486 comm="fsavd" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1341776569.552:2857): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ffb09e40 a2=808a01c a3=809f548 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.553:2858): avc:  denied  { getattr } for  pid=9485 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1341776569.553:2858): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=ff8e84f0 a2=407ff4 a3=8c02ba8 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.553:2859): avc:  denied  { setattr } for  pid=9486 comm="fsavd" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1341776569.553:2859): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.553:2860): avc:  denied  { write } for  pid=9485 comm="fsav" name=".fsav-497" dev=vda1 ino=521264 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1341776569.553:2861): avc:  denied  { read } for  pid=9486 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1341776569.553:2860): avc:  denied  { connectto } for  pid=9485 comm="fsav" path="/tmp/.fsav-497" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1341776569.553:2861): avc:  denied  { open } for  pid=9486 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1341776569.553:2860): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff8e7cb0 a2=e0e0f0 a3=ff8e8550 items=0 ppid=31776 pid=9485 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=385 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=SYSCALL msg=audit(1341776569.553:2861): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.553:2862): avc:  denied  { lock } for  pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1341776569.553:2862): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=5 a2=4 a3=80c4480 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.553:2863): avc:  denied  { read } for  pid=9486 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1341776569.553:2863): arch=40000003 syscall=5 success=yes exit=5 a0=ffb05c10 a1=98800 a2=ffb05c30 a3=ffb08c80 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.571:2864): avc:  denied  { lock } for  pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1341588956/libfsecr32-linux.so" dev=vda1 ino=133686 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1341776569.571:2864): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=99c6819 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.573:2865): avc:  denied  { read } for  pid=9486 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133717 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1341776569.573:2865): avc:  denied  { open } for  pid=9486 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133717 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1341776569.573:2865): arch=40000003 syscall=5 success=yes exit=6 a0=1372b27 a1=0 a2=1b6 a3=129a02c items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776569.573:2866): avc:  denied  { getattr } for  pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1341588956/fsedb.dat" dev=vda1 ino=133717 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1341776569.573:2866): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffb03058 a2=547ff4 a3=9a2a1f8 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776570.359:2867): avc:  denied  { lock } for  pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1341706626/libaqua32.so" dev=vda1 ino=133738 scontext=system_u:system_r:amavis_t:s0 t/var/log/audit/audit.log lines 3-33/40 80%
type=SYSCALL msg=audit(1341776570.359:2867): arch=40000003 syscall=143 success=yes exit=0 a0=6 a1=5 a2=6 a3=99cd971 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776570.360:2868): avc:  denied  { getattr } for  pid=9486 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1341706626/aquarius-linux-update.ini" dev=vda1 ino=133783 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1341776570.360:2868): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffb01440 a2=547ff4 a3=ffb014f0 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776570.360:2869): avc:  denied  { execmem } for  pid=9486 comm="fsavd" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=process
type=SYSCALL msg=audit(1341776570.360:2869): arch=40000003 syscall=192 success=yes exit=1245184 a0=0 a1=187c a2=7 a3=22 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1341776570.390:2870): avc:  denied  { create } for  pid=9486 comm="fsavd" name="tmp0ef15f8b" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1341776570.390:2870): arch=40000003 syscall=39 success=yes exit=0 a0=9d5faa0 a1=1c0 a2=16a370 a3=9d5faa0 items=0 ppid=9485 pid=9486 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=385 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)

Basically fsav is creating a socket in /tmp (if not already existing) and
starts up a fsavd process. And then it's scanning its stuff. After some time
the fsavd process ends if unused otherwise it seems to be maybe reused.

Comment 6 Robert Scheck 2012-07-16 21:10:46 UTC

type=AVC msg=audit(1342472225.737:159943): avc:  denied  { rmdir } for  pid=20549 comm="fsavd" name="tmp4e94e605" dev=vda1 ino=522614 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472225.737:159943): arch=40000003 syscall=40 success=yes exit=0 a0=ffc17640 a1=0 a2=80947dc a3=a4ec208 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472227.740:159944): avc:  denied  { lock } for  pid=20549 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472227.740:159944): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=c a2=80c6484 a3=1 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472227.742:159945): avc:  denied  { lock } for  pid=20549 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/libfsecr32-linux.so" dev=vda1 ino=133701 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342472227.742:159945): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=c a2=9c1f838 a3=1 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472227.749:159946): avc:  denied  { rmdir } for  pid=20549 comm="fsavd" name="tmp340a34ed" dev=vda1 ino=521235 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472227.749:159946): arch=40000003 syscall=40 success=yes exit=0 a0=14e378 a1=a77b80 a2=a7794c a3=a77248 items=0 ppid=1 pid=20549 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.149:159947): avc:  denied  { search } for  pid=21290 comm="fsav" name="1" dev=proc ino=7763 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
type=AVC msg=audit(1342472228.149:159947): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=7933 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.149:159947): arch=40000003 syscall=33 success=yes exit=0 a0=2d03e0 a1=4 a2=2d18e0 a3=0 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.152:159948): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=902062 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=AVC msg=audit(1342472228.152:159948): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=902062 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.152:159948): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=a a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.153:159949): avc:  denied  { search } for  pid=21290 comm="fsav" name="20639" dev=proc ino=904086 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=AVC msg=audit(1342472228.153:159949): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=904089 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=AVC msg=audit(1342472228.153:159949): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=904089 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.153:159949): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=36303920 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.153:159950): avc:  denied  { search } for  pid=21290 comm="fsav" name="21153" dev=proc ino=907287 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=dir
type=AVC msg=audit(1342472228.153:159950): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907291 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=file
type=AVC msg=audit(1342472228.153:159950): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907291 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_showq_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.153:159950): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=39373331 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.153:159951): avc:  denied  { search } for  pid=21290 comm="fsav" name="21176" dev=proc ino=906921 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=dir
type=AVC msg=audit(1342472228.153:159951): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907292 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file
type=AVC msg=audit(1342472228.153:159951): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907292 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.153:159951): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=20383938 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.153:159952): avc:  denied  { search } for  pid=21290 comm="fsav" name="21178" dev=proc ino=907288 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=dir
type=AVC msg=audit(1342472228.153:159952): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907293 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file
type=AVC msg=audit(1342472228.153:159952): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907293 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.153:159952): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=20313931 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.153:159953): avc:  denied  { search } for  pid=21290 comm="fsav" name="21227" dev=proc ino=907289 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:clamd_t:s0 tclass=dir
type=AVC msg=audit(1342472228.153:159953): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907295 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:clamd_t:s0 tclass=file
type=AVC msg=audit(1342472228.153:159953): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=907295 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:clamd_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.153:159953): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=32303234 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.153:159954): avc:  denied  { search } for  pid=21290 comm="fsav" name="19928" dev=proc ino=901993 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=dir
type=AVC msg=audit(1342472228.153:159954): avc:  denied  { read } for  pid=21290 comm="fsav" name="stat" dev=proc ino=902056 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file
type=AVC msg=audit(1342472228.153:159954): avc:  denied  { open } for  pid=21290 comm="fsav" name="stat" dev=proc ino=902056 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.153:159954): arch=40000003 syscall=5 success=yes exit=4 a0=ff81bc38 a1=0 a2=39373331 a3=66666667 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.182:159955): avc:  denied  { unlink } for  pid=21291 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472228.182:159955): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ffacfe00 a2=808a01c a3=809f548 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.183:159956): avc:  denied  { connectto } for  pid=21290 comm="fsav" path="/tmp/.fsav-497" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1342472228.183:159957): avc:  denied  { setattr } for  pid=21291 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472228.183:159956): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff80fdb0 a2=aec0f0 a3=ff810650 items=0 ppid=15760 pid=21290 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=SYSCALL msg=audit(1342472228.183:159957): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.184:159958): avc:  denied  { read } for  pid=21291 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342472228.184:159958): avc:  denied  { open } for  pid=21291 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.184:159958): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.184:159959): avc:  denied  { read } for  pid=21291 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472228.184:159959): arch=40000003 syscall=5 success=yes exit=5 a0=ffacbbd0 a1=98800 a2=ffacbbf0 a3=ffacec40 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472228.200:159960): avc:  denied  { getattr } for  pid=21291 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/fsedb.dat" dev=vda1 ino=133793 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472228.200:159960): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffac9018 a2=3b4ff4 a3=91551f8 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472229.060:159961): avc:  denied  { read } for  pid=21291 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342472229.060:159961): avc:  denied  { open } for  pid=21291 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472229.060:159961): arch=40000003 syscall=5 success=yes exit=7 a0=948ba90 a1=8000 a2=0 a3=948ba48 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472229.061:159962): avc:  denied  { getattr } for  pid=21291 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1342440788/xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472229.061:159962): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffac9640 a2=3b4ff4 a3=7 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472229.101:159963): avc:  denied  { create } for  pid=21291 comm="fsavd" name="tmp17ca2579" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472229.101:159963): arch=40000003 syscall=39 success=yes exit=0 a0=948bd50 a1=1c0 a2=b6c370 a3=948bd50 items=0 ppid=21290 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472231.563:159964): avc:  denied  { getattr } for  pid=21291 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472231.563:159964): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ffacfe50 a2=3b4ff4 a3=809f548 items=0 ppid=1 pid=21291 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472232.698:159965): avc:  denied  { search } for  pid=21365 comm="fsav" name="21230" dev=proc ino=906994 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342472232.698:159965): avc:  denied  { read } for  pid=21365 comm="fsav" name="stat" dev=proc ino=907296 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342472232.698:159965): avc:  denied  { open } for  pid=21365 comm="fsav" name="stat" dev=proc ino=907296 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342472232.698:159965): arch=40000003 syscall=5 success=yes exit=4 a0=ff8eb4b8 a1=0 a2=30203533 a3=66666667 items=0 ppid=15764 pid=21365 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472232.698:159966): avc:  denied  { search } for  pid=21365 comm="fsav" name="21351" dev=proc ino=909893 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342472232.698:159966): avc:  denied  { read } for  pid=21365 comm="fsav" name="stat" dev=proc ino=909897 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342472232.698:159966): avc:  denied  { open } for  pid=21365 comm="fsav" name="stat" dev=proc ino=909897 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342472232.698:159966): arch=40000003 syscall=5 success=yes exit=4 a0=ff8eb4b8 a1=0 a2=32203036 a3=66666667 items=0 ppid=15764 pid=21365 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472232.706:159967): avc:  denied  { write } for  pid=21365 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472232.706:159967): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff8df630 a2=6240f0 a3=ff8dfed0 items=0 ppid=15764 pid=21365 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472816.987:159986): avc:  denied  { search } for  pid=22258 comm="fsav" name="1" dev=proc ino=7763 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir
type=AVC msg=audit(1342472816.987:159986): avc:  denied  { read } for  pid=22258 comm="fsav" name="stat" dev=proc ino=7933 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=file
type=SYSCALL msg=audit(1342472816.987:159986): arch=40000003 syscall=33 success=yes exit=0 a0=4fc3e0 a1=4 a2=4fd8e0 a3=0 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472816.988:159987): avc:  denied  { search } for  pid=22258 comm="fsav" name="22153" dev=proc ino=912405 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=dir
type=AVC msg=audit(1342472816.988:159987): avc:  denied  { read } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912420 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file
type=AVC msg=audit(1342472816.988:159987): avc:  denied  { open } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912420 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file
type=SYSCALL msg=audit(1342472816.988:159987): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=a a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472816.989:159988): avc:  denied  { search } for  pid=22258 comm="fsav" name="22157" dev=proc ino=912409 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=dir
type=AVC msg=audit(1342472816.989:159988): avc:  denied  { read } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912424 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=AVC msg=audit(1342472816.989:159988): avc:  denied  { open } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912424 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=SYSCALL msg=audit(1342472816.989:159988): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=20353631 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472816.989:159989): avc:  denied  { search } for  pid=22258 comm="fsav" name="22160" dev=proc ino=912412 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir
type=AVC msg=audit(1342472816.989:159989): avc:  denied  { read } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=AVC msg=audit(1342472816.989:159989): avc:  denied  { open } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=SYSCALL msg=audit(1342472816.989:159989): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=33303920 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472816.989:159990): avc:  denied  { search } for  pid=22258 comm="fsav" name="22222" dev=proc ino=912414 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342472816.989:159990): avc:  denied  { read } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912429 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342472816.989:159990): avc:  denied  { open } for  pid=22258 comm="fsav" name="stat" dev=proc ino=912429 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342472816.989:159990): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=20333838 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472816.989:159991): avc:  denied  { search } for  pid=22258 comm="fsav" name="22223" dev=proc ino=912415 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472816.989:159991): arch=40000003 syscall=5 success=yes exit=4 a0=ffcf8eb8 a1=0 a2=34203232 a3=66666667 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.015:159992): avc:  denied  { search } for  pid=22259 comm="fsavd" name="22260" dev=proc ino=914667 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342472817.015:159992): avc:  denied  { read } for  pid=22259 comm="fsavd" name="stat" dev=proc ino=914705 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342472817.015:159992): avc:  denied  { open } for  pid=22259 comm="fsavd" name="stat" dev=proc ino=914705 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342472817.015:159992): arch=40000003 syscall=5 success=yes exit=4 a0=ff81d508 a1=0 a2=a a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.015:159993): avc:  denied  { read } for  pid=22259 comm="fsavd" name="stat" dev=proc ino=914709 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342472817.015:159993): avc:  denied  { open } for  pid=22259 comm="fsavd" name="stat" dev=proc ino=914709 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342472817.015:159993): arch=40000003 syscall=5 success=yes exit=4 a0=ff81d508 a1=0 a2=36353230 a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.016:159994): avc:  denied  { search } for  pid=22259 comm="fsavd" name="22155" dev=proc ino=912407 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472817.016:159994): arch=40000003 syscall=5 success=yes exit=4 a0=ff81d508 a1=0 a2=3420312d a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.017:159995): avc:  denied  { unlink } for  pid=22259 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472817.017:159995): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ff819290 a2=808a01c a3=809f548 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.018:159997): avc:  denied  { setattr } for  pid=22259 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=AVC msg=audit(1342472817.018:159996): avc:  denied  { connectto } for  pid=22258 comm="fsav" path="/tmp/.fsav-497" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1342472817.018:159997): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=SYSCALL msg=audit(1342472817.018:159996): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ffced030 a2=8650f0 a3=ffced8d0 items=0 ppid=15760 pid=22258 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.018:159998): avc:  denied  { read } for  pid=22259 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342472817.018:159998): avc:  denied  { open } for  pid=22259 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.018:159998): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.018:159999): avc:  denied  { lock } for  pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.018:159999): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=5 a2=4 a3=80c4480 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.018:160000): avc:  denied  { read } for  pid=22259 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472817.018:160000): arch=40000003 syscall=5 success=yes exit=5 a0=ff815060 a1=98800 a2=ff815080 a3=ff8180d0 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.028:160001): avc:  denied  { lock } for  pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/libfsecr32-linux.so" dev=vda1 ino=133701 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.028:160001): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=8166819 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.029:160002): avc:  denied  { getattr } for  pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/fsedb.dat" dev=vda1 ino=133793 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.029:160002): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ff8124a8 a2=3b4ff4 a3=81ca1f8 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.411:160003): avc:  denied  { search } for  pid=22259 comm="fsavd" name="22261" dev=proc ino=914669 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir
type=SYSCALL msg=audit(1342472817.411:160003): arch=40000003 syscall=5 success=yes exit=8 a0=ff812d48 a1=0 a2=36353230 a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.412:160004): avc:  denied  { read } for  pid=22259 comm="fsavd" name="stat" dev=proc ino=912422 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file
type=AVC msg=audit(1342472817.412:160004): avc:  denied  { open } for  pid=22259 comm="fsavd" name="stat" dev=proc ino=912422 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.412:160004): arch=40000003 syscall=5 success=yes exit=8 a0=ff812d48 a1=0 a2=3420312d a3=66666667 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.812:160005): avc:  denied  { read } for  pid=22259 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342472817.812:160005): avc:  denied  { open } for  pid=22259 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.812:160005): arch=40000003 syscall=5 success=yes exit=7 a0=8500a90 a1=8000 a2=0 a3=8500a48 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.812:160006): avc:  denied  { getattr } for  pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1342440788/xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472817.812:160006): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ff812ad0 a2=3b4ff4 a3=7 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472817.812:160007): avc:  denied  { execmem } for  pid=22259 comm="fsavd" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=process
type=SYSCALL msg=audit(1342472817.812:160007): arch=40000003 syscall=192 success=yes exit=13918208 a0=0 a1=187c a2=7 a3=22 items=0 ppid=22258 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472820.264:160008): avc:  denied  { getattr } for  pid=22259 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472820.264:160008): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ff8192e0 a2=3b4ff4 a3=809f548 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472823.537:160009): avc:  denied  { search } for  pid=22459 comm="fsav" name="22265" dev=proc ino=915828 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=dir
type=AVC msg=audit(1342472823.537:160009): avc:  denied  { read } for  pid=22459 comm="fsav" name="stat" dev=proc ino=915833 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file
type=AVC msg=audit(1342472823.537:160009): avc:  denied  { open } for  pid=22459 comm="fsav" name="stat" dev=proc ino=915833 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file
type=SYSCALL msg=audit(1342472823.537:160009): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=37373331 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472823.538:160010): avc:  denied  { search } for  pid=22459 comm="fsav" name="22266" dev=proc ino=915829 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=dir
type=AVC msg=audit(1342472823.538:160010): avc:  denied  { read } for  pid=22459 comm="fsav" name="stat" dev=proc ino=915834 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file
type=AVC msg=audit(1342472823.538:160010): avc:  denied  { open } for  pid=22459 comm="fsav" name="stat" dev=proc ino=915834 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file
type=SYSCALL msg=audit(1342472823.538:160010): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=33392032 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472823.539:160011): avc:  denied  { search } for  pid=22459 comm="fsav" name="22444" dev=proc ino=915830 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342472823.539:160011): avc:  denied  { read } for  pid=22459 comm="fsav" name="stat" dev=proc ino=915835 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342472823.539:160011): avc:  denied  { open } for  pid=22459 comm="fsav" name="stat" dev=proc ino=915835 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342472823.539:160011): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=30303131 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472823.541:160012): avc:  denied  { search } for  pid=22459 comm="fsav" name="22160" dev=proc ino=912412 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir
type=AVC msg=audit(1342472823.541:160012): avc:  denied  { read } for  pid=22459 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=AVC msg=audit(1342472823.541:160012): avc:  denied  { open } for  pid=22459 comm="fsav" name="stat" dev=proc ino=912427 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=SYSCALL msg=audit(1342472823.541:160012): arch=40000003 syscall=5 success=yes exit=4 a0=ffb83648 a1=0 a2=33303920 a3=66666667 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472823.543:160013): avc:  denied  { write } for  pid=22459 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342472823.543:160013): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ffb777c0 a2=a000f0 a3=ffb78060 items=0 ppid=15772 pid=22459 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472828.165:160014): avc:  denied  { search } for  pid=22570 comm="fsav" name="22266" dev=proc ino=915829 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472828.165:160014): arch=40000003 syscall=5 success=yes exit=4 a0=ffaf9e38 a1=0 a2=33392032 a3=66666667 items=0 ppid=15760 pid=22570 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472828.167:160015): avc:  denied  { getattr } for  pid=22262 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/fsedb.dat" dev=vda1 ino=133793 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472828.167:160015): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=ff8150d8 a2=3b4ff4 a3=8a1b1c8 items=0 ppid=22259 pid=22262 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472834.848:160016): avc:  denied  { read } for  pid=22628 comm="fsav" name="stat" dev=proc ino=912426 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=AVC msg=audit(1342472834.848:160016): avc:  denied  { open } for  pid=22628 comm="fsav" name="stat" dev=proc ino=912426 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=SYSCALL msg=audit(1342472834.848:160016): arch=40000003 syscall=5 success=yes exit=4 a0=ffc1b768 a1=0 a2=31362036 a3=66666667 items=0 ppid=15774 pid=22628 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=834 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472874.925:160017): avc:  denied  { lock } for  pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342472874.925:160017): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=c a2=80c6484 a3=1 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472874.929:160018): avc:  denied  { lock } for  pid=22259 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342445744/libfsecr32-linux.so" dev=vda1 ino=133701 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342472874.929:160018): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=c a2=8168838 a3=1 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342472874.936:160019): avc:  denied  { rmdir } for  pid=22259 comm="fsavd" name="tmp352aa477" dev=vda1 ino=521235 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1342472874.936:160019): arch=40000003 syscall=40 success=yes exit=0 a0=869378 a1=11fb80 a2=11f94c a3=11f248 items=0 ppid=1 pid=22259 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=834 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)

Comment 7 Miroslav Grepl 2012-07-17 11:08:13 UTC

Some fixes added to selinux-policy-3.7.19-156. I will do a new build soon. Could you test it then?

Comment 8 Robert Scheck 2012-07-18 20:20:32 UTC

I do not really see a fix related to F-Secure, sorry. Tested 3.7.19-156:

type=AVC msg=audit(1342642733.404:162391): avc:  denied  { search } for  pid=32264 comm="fsav" name="32225" dev=proc ino=1240446 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342642733.404:162391): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240454 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342642733.404:162391): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240454 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342642733.404:162391): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=a a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.405:162392): avc:  denied  { search } for  pid=32264 comm="fsav" name="32227" dev=proc ino=1240447 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=AVC msg=audit(1342642733.405:162392): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240455 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=AVC msg=audit(1342642733.405:162392): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240455 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.405:162392): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=30323420 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.406:162393): avc:  denied  { search } for  pid=32264 comm="fsav" name="32228" dev=proc ino=1240448 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir
type=AVC msg=audit(1342642733.406:162393): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=AVC msg=audit(1342642733.406:162393): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.406:162393): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=31353431 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.406:162394): avc:  denied  { search } for  pid=32264 comm="fsav" name="28121" dev=proc ino=1240444 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=dir
type=AVC msg=audit(1342642733.406:162394): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240463 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=file
type=AVC msg=audit(1342642733.406:162394): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240463 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.406:162394): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=32362036 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.407:162395): avc:  denied  { search } for  pid=32264 comm="fsav" name="31682" dev=proc ino=1235990 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342642733.407:162395): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240465 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342642733.407:162395): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240465 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342642733.407:162395): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=37383820 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.408:162396): avc:  denied  { search } for  pid=32264 comm="fsav" name="32212" dev=proc ino=1240314 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=dir
type=AVC msg=audit(1342642733.408:162396): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240469 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file
type=AVC msg=audit(1342642733.408:162396): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240469 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:auditd_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.408:162396): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=30323420 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.408:162397): avc:  denied  { search } for  pid=32264 comm="fsav" name="32214" dev=proc ino=1240445 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=dir
type=AVC msg=audit(1342642733.408:162397): avc:  denied  { read } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240470 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file
type=AVC msg=audit(1342642733.408:162397): avc:  denied  { open } for  pid=32264 comm="fsav" name="stat" dev=proc ino=1240470 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:audisp_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.408:162397): arch=40000003 syscall=5 success=yes exit=4 a0=fff6ebe8 a1=0 a2=20393831 a3=66666667 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.409:162398): avc:  denied  { getattr } for  pid=32264 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342642733.409:162398): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=fff6b960 a2=3b4ff4 a3=fff678af items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.410:162399): avc:  denied  { write } for  pid=32264 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342642733.410:162399): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=fff62d60 a2=ea20f0 a3=fff63600 items=0 ppid=23506 pid=32264 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.426:162400): avc:  denied  { search } for  pid=32265 comm="fsavd" name="32266" dev=proc ino=1242100 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342642733.426:162400): avc:  denied  { read } for  pid=32265 comm="fsavd" name="stat" dev=proc ino=1242146 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342642733.426:162400): avc:  denied  { open } for  pid=32265 comm="fsavd" name="stat" dev=proc ino=1242146 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342642733.426:162400): arch=40000003 syscall=5 success=yes exit=4 a0=ff9f0848 a1=0 a2=33203639 a3=66666667 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.427:162401): avc:  denied  { search } for  pid=32265 comm="fsavd" name="32267" dev=proc ino=1242101 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342642733.427:162401): avc:  denied  { read } for  pid=32265 comm="fsavd" name="stat" dev=proc ino=1242169 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342642733.427:162401): avc:  denied  { open } for  pid=32265 comm="fsavd" name="stat" dev=proc ino=1242169 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342642733.427:162401): arch=40000003 syscall=5 success=yes exit=4 a0=ff9f0848 a1=0 a2=36353230 a3=66666667 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.428:162402): avc:  denied  { unlink } for  pid=32265 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342642733.428:162402): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ff9ec5d0 a2=808a01c a3=809f548 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.475:162403): avc:  denied  { setattr } for  pid=32265 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342642733.475:162403): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.475:162404): avc:  denied  { read } for  pid=32265 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342642733.475:162404): avc:  denied  { open } for  pid=32265 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.475:162404): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.475:162405): avc:  denied  { lock } for  pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.475:162405): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=5 a2=4 a3=80c4480 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.475:162406): avc:  denied  { read } for  pid=32265 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1342642733.475:162406): arch=40000003 syscall=5 success=yes exit=5 a0=ff9e83a0 a1=98800 a2=ff9e83c0 a3=ff9eb410 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.485:162407): avc:  denied  { lock } for  pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so" dev=vda1 ino=133837 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.485:162407): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=a065819 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642733.486:162408): avc:  denied  { getattr } for  pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642733.486:162408): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ff9e57e8 a2=4aeff4 a3=a0c91f8 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642734.219:162409): avc:  denied  { read } for  pid=32265 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342642734.219:162409): avc:  denied  { open } for  pid=32265 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642734.219:162409): arch=40000003 syscall=5 success=yes exit=7 a0=a400618 a1=8000 a2=0 a3=a4005d0 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642734.219:162410): avc:  denied  { getattr } for  pid=32265 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1342591905/xlmrd.cvd" dev=vda1 ino=135518 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642734.219:162410): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ff9e5e10 a2=4aeff4 a3=7 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642734.219:162411): avc:  denied  { execmem } for  pid=32265 comm="fsavd" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:amavis_t:s0 tclass=process
type=SYSCALL msg=audit(1342642734.219:162411): arch=40000003 syscall=192 success=yes exit=1163264 a0=0 a1=187c a2=7 a3=22 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642734.249:162412): avc:  denied  { create } for  pid=32265 comm="fsavd" name="tmp00000000" scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:amavis_tmp_t:s0 tclass=file
type=AVC msg=audit(1342642734.249:162412): avc:  denied  { read write open } for  pid=32265 comm="fsavd" name="tmp00000000" dev=vda1 ino=522612 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342642734.249:162412): arch=40000003 syscall=5 success=yes exit=7 a0=c41380 a1=8242 a2=1a4 a3=ff9e5d44 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642734.249:162413): avc:  denied  { getattr } for  pid=32265 comm="fsavd" path="/tmp/tmp5ca40251/tmp00000000" dev=vda1 ino=522612 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342642734.249:162413): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ff9e5088 a2=4aeff4 a3=7 items=0 ppid=32264 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642736.651:162414): avc:  denied  { getattr } for  pid=32265 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342642736.651:162414): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ff9ec620 a2=4aeff4 a3=809f548 items=0 ppid=1 pid=32265 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.597:162415): avc:  denied  { search } for  pid=32686 comm="fsav" name="32228" dev=proc ino=1240448 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir
type=AVC msg=audit(1342642747.597:162415): avc:  denied  { read } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=AVC msg=audit(1342642747.597:162415): avc:  denied  { open } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1240456 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.597:162415): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=34353431 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.597:162416): avc:  denied  { search } for  pid=32686 comm="fsav" name="32261" dev=proc ino=1240451 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342642747.597:162416): avc:  denied  { read } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1240460 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342642747.597:162416): avc:  denied  { open } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1240460 scontext=system_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342642747.597:162416): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=32342031 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.598:162417): avc:  denied  { search } for  pid=32686 comm="fsav" name="32271" dev=proc ino=1249008 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=dir
type=AVC msg=audit(1342642747.598:162417): avc:  denied  { read } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249017 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file
type=AVC msg=audit(1342642747.598:162417): avc:  denied  { open } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249017 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.598:162417): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=37373331 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.600:162418): avc:  denied  { search } for  pid=32686 comm="fsav" name="32272" dev=proc ino=1249009 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=dir
type=AVC msg=audit(1342642747.600:162418): avc:  denied  { read } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249018 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file
type=AVC msg=audit(1342642747.600:162418): avc:  denied  { open } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249018 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_local_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.600:162418): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=33392032 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.600:162419): avc:  denied  { search } for  pid=32686 comm="fsav" name="32273" dev=proc ino=1249010 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=dir
type=AVC msg=audit(1342642747.600:162419): avc:  denied  { read } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249019 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file
type=AVC msg=audit(1342642747.600:162419): avc:  denied  { open } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249019 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.600:162419): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=30303131 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.600:162420): avc:  denied  { search } for  pid=32686 comm="fsav" name="32274" dev=proc ino=1249011 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=dir
type=AVC msg=audit(1342642747.600:162420): avc:  denied  { read } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249020 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=AVC msg=audit(1342642747.600:162420): avc:  denied  { open } for  pid=32686 comm="fsav" name="stat" dev=proc ino=1249020 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_bounce_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.600:162420): arch=40000003 syscall=5 success=yes exit=4 a0=ff97e128 a1=0 a2=20363631 a3=66666667 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.602:162421): avc:  denied  { write } for  pid=32686 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342642747.602:162421): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=ff9722a0 a2=88b0f0 a3=ff972b40 items=0 ppid=23509 pid=32686 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1207 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=system_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342642747.604:162422): avc:  denied  { getattr } for  pid=32268 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=system_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342642747.604:162422): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=ff9e8418 a2=4aeff4 a3=a91c818 items=0 ppid=32265 pid=32268 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1207 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=system_u:system_r:amavis_t:s0 key=(null)

Which fixes did you do exactly that you expect me to test?

Comment 9 Robert Scheck 2012-07-18 20:21:20 UTC

Can we please have at least a proper transition to unconfined for F-Secure?

Comment 10 Robert Scheck 2012-07-18 20:25:39 UTC

Or shall we provide a virtual machine having both set up? Would that help?

Comment 11 Miroslav Grepl 2012-07-18 20:37:42 UTC

well we are trying to run F-secure together with amavis_t. We need to add more fixes.

Also you will need to add labeling for /opt/f-secure.

Comment 12 Robert Scheck 2012-07-18 21:05:33 UTC

Expected:
restorecon reset /opt/f-secure/fsav/bin context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/fsdiag context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/fsav context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/fsavd context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/clstate_update context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/dbupdate context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/dbupdate_lite context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/uninstall-fsav context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/licensetool context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0
restorecon reset /opt/f-secure/fsav/bin/clstate_generator context unconfined_u:object_r:usr_t:s0->unconfined_u:object_r:bin_t:s0

Unexpected:
restorecon reset /var/opt/f-secure/fsaua/data/content/aqualnx32/1342591905/bdcore.so context unconfined_u:object_r:textrel_shlib_t:s0->unconfined_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so context system_u:object_r:textrel_shlib_t:s0->system_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/aqualnx32.1342591905/libaqua32.so context system_u:object_r:textrel_shlib_t:s0->system_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/aqualnx32.1342591905/bdcore.so context unconfined_u:object_r:textrel_shlib_t:s0->unconfined_u:object_r:var_t:s0
restorecon reset /var/opt/f-secure/fssp/databases/fmlibunix.1294643837/libfm-lnx32.so context unconfined_u:object_r:textrel_shlib_t:s0->unconfined_u:object_r:var_t:s0

Comment 13 Robert Scheck 2012-07-18 21:10:16 UTC

type=AVC msg=audit(1342645782.689:162658): avc:  denied  { search } for  pid=5720 comm="fsav" name="5652" dev=proc ino=1271191 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=AVC msg=audit(1342645782.689:162658): avc:  denied  { read } for  pid=5720 comm="fsav" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=AVC msg=audit(1342645782.689:162658): avc:  denied  { open } for  pid=5720 comm="fsav" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.689:162658): arch=40000003 syscall=5 success=yes exit=4 a0=fffc7068 a1=0 a2=a a3=66666667 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.691:162659): avc:  denied  { search } for  pid=5720 comm="fsav" name="5653" dev=proc ino=1271192 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir
type=AVC msg=audit(1342645782.691:162659): avc:  denied  { read } for  pid=5720 comm="fsav" name="stat" dev=proc ino=1271199 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=AVC msg=audit(1342645782.691:162659): avc:  denied  { open } for  pid=5720 comm="fsav" name="stat" dev=proc ino=1271199 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.691:162659): arch=40000003 syscall=5 success=yes exit=4 a0=fffc7068 a1=0 a2=20333534 a3=66666667 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.691:162660): avc:  denied  { search } for  pid=5720 comm="fsav" name="5687" dev=proc ino=1271196 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342645782.691:162660): avc:  denied  { read } for  pid=5720 comm="fsav" name="stat" dev=proc ino=1271203 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342645782.691:162660): avc:  denied  { open } for  pid=5720 comm="fsav" name="stat" dev=proc ino=1271203 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342645782.691:162660): arch=40000003 syscall=5 success=yes exit=4 a0=fffc7068 a1=0 a2=30333031 a3=66666667 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.693:162661): avc:  denied  { getattr } for  pid=5720 comm="fsav" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342645782.693:162661): arch=40000003 syscall=195 success=yes exit=0 a0=80704e9 a1=fffc3de0 a2=592ff4 a3=fffbfd2f items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.693:162662): avc:  denied  { write } for  pid=5720 comm="fsav" name=".fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342645782.693:162662): arch=40000003 syscall=102 success=no exit=-111 a0=3 a1=fffbb1e0 a2=1210f0 a3=fffbba80 items=0 ppid=5606 pid=5720 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsav" exe="/opt/f-secure/fssp/bin/fsav" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.713:162663): avc:  denied  { search } for  pid=5721 comm="fsavd" name="5722" dev=proc ino=1272885 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342645782.713:162663): avc:  denied  { read } for  pid=5721 comm="fsavd" name="stat" dev=proc ino=1272926 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342645782.713:162663): avc:  denied  { open } for  pid=5721 comm="fsavd" name="stat" dev=proc ino=1272926 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342645782.713:162663): arch=40000003 syscall=5 success=yes exit=4 a0=ffb246c8 a1=0 a2=30203338 a3=66666667 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.714:162664): avc:  denied  { search } for  pid=5721 comm="fsavd" name="5723" dev=proc ino=1272886 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=dir
type=AVC msg=audit(1342645782.714:162664): avc:  denied  { read } for  pid=5721 comm="fsavd" name="stat" dev=proc ino=1272988 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=AVC msg=audit(1342645782.714:162664): avc:  denied  { open } for  pid=5721 comm="fsavd" name="stat" dev=proc ino=1272988 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=file
type=SYSCALL msg=audit(1342645782.714:162664): arch=40000003 syscall=5 success=yes exit=4 a0=ffb246c8 a1=0 a2=30363532 a3=66666667 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=501 sgid=501 fsgid=501 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.716:162665): avc:  denied  { unlink } for  pid=5721 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342645782.716:162665): arch=40000003 syscall=10 success=yes exit=0 a0=809f548 a1=ffb20450 a2=808a01c a3=809f548 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.716:162666): avc:  denied  { setattr } for  pid=5721 comm="fsavd" name=".fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342645782.716:162666): arch=40000003 syscall=15 success=yes exit=0 a0=809f548 a1=180 a2=3 a3=809f548 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.716:162667): avc:  denied  { read } for  pid=5721 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342645782.716:162667): avc:  denied  { open } for  pid=5721 comm="fsavd" name="db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.716:162667): arch=40000003 syscall=5 success=yes exit=4 a0=80c4480 a1=8040 a2=1a4 a3=80c4480 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.716:162668): avc:  denied  { read } for  pid=5721 comm="fsavd" name="databases" dev=vda1 ino=132571 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1342645782.716:162668): arch=40000003 syscall=5 success=yes exit=5 a0=ffb1c220 a1=98800 a2=ffb1c240 a3=ffb1f290 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.727:162669): avc:  denied  { lock } for  pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so" dev=vda1 ino=133837 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.727:162669): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=5 a2=5 a3=9630819 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.727:162670): avc:  denied  { getattr } for  pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.727:162670): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffb19668 a2=3b4ff4 a3=96941f8 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.826:162671): avc:  denied  { getattr } for  pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.826:162671): arch=40000003 syscall=197 success=yes exit=0 a0=6 a1=ffb19308 a2=3b4ff4 a3=96941f8 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645782.839:162672): avc:  denied  { read } for  pid=5721 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342645782.839:162672): avc:  denied  { open } for  pid=5721 comm="fsavd" name="fsedb.dat" dev=vda1 ino=133860 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645782.839:162672): arch=40000003 syscall=5 success=yes exit=6 a0=144cb27 a1=0 a2=1b6 a3=137402c items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.089:162673): avc:  denied  { search } for  pid=5721 comm="fsavd" name="5652" dev=proc ino=1271191 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=dir
type=AVC msg=audit(1342645783.089:162673): avc:  denied  { read } for  pid=5721 comm="fsavd" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=AVC msg=audit(1342645783.089:162673): avc:  denied  { open } for  pid=5721 comm="fsavd" name="stat" dev=proc ino=1271198 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:system_r:postfix_smtpd_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.089:162673): arch=40000003 syscall=5 success=yes exit=8 a0=ffb19f08 a1=0 a2=a a3=66666667 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.464:162674): avc:  denied  { read } for  pid=5721 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1342645783.464:162674): avc:  denied  { open } for  pid=5721 comm="fsavd" name="xlmrd.cvd" dev=vda1 ino=135518 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.464:162674): arch=40000003 syscall=5 success=yes exit=7 a0=99cb050 a1=8000 a2=0 a3=99cb008 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.465:162675): avc:  denied  { getattr } for  pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/aqualnx32.1342591905/xlmrd.cvd" dev=vda1 ino=135518 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.465:162675): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffb19c90 a2=3b4ff4 a3=7 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.465:162676): avc:  denied  { execmem } for  pid=5721 comm="fsavd" scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:system_r:amavis_t:s0 tclass=process
type=SYSCALL msg=audit(1342645783.465:162676): arch=40000003 syscall=192 success=yes exit=15400960 a0=0 a1=187c a2=7 a3=22 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.494:162677): avc:  denied  { create } for  pid=5721 comm="fsavd" name="tmp00000000" scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=AVC msg=audit(1342645783.494:162677): avc:  denied  { read write open } for  pid=5721 comm="fsavd" name="tmp00000000" dev=vda1 ino=522612 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.494:162677): arch=40000003 syscall=5 success=yes exit=7 a0=17b380 a1=8242 a2=1a4 a3=ffb19bc4 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645783.494:162678): avc:  denied  { getattr } for  pid=5721 comm="fsavd" path="/tmp/tmp76369c6a/tmp00000000" dev=vda1 ino=522612 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342645783.494:162678): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=ffb18f08 a2=3b4ff4 a3=7 items=0 ppid=5720 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645788.869:162679): avc:  denied  { getattr } for  pid=5721 comm="fsavd" path="/tmp/.fsav-497" dev=vda1 ino=521223 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1342645788.869:162679): arch=40000003 syscall=195 success=yes exit=0 a0=809f548 a1=ffb204a0 a2=3b4ff4 a3=809f548 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)

Comment 14 Robert Scheck 2012-07-18 21:11:19 UTC

Whoops, didn't copy everything, this was additionally missing:

type=AVC msg=audit(1342645816.899:162680): avc:  denied  { unlink } for  pid=5721 comm="fsavd" name="tmp00000000" dev=vda1 ino=522615 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=unconfined_u:object_r:amavis_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1342645816.899:162680): arch=40000003 syscall=10 success=yes exit=0 a0=ffb1e3f0 a1=ffb1e390 a2=80947dc a3=9f017e0 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645818.902:162681): avc:  denied  { lock } for  pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/db.lock" dev=vda1 ino=132596 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1342645818.902:162681): arch=40000003 syscall=143 success=yes exit=0 a0=4 a1=c a2=80c6484 a3=1 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)
type=AVC msg=audit(1342645818.905:162682): avc:  denied  { lock } for  pid=5721 comm="fsavd" path="/var/opt/f-secure/fssp/databases/hydralinux.1342632943/libfsecr32-linux.so" dev=vda1 ino=133837 scontext=unconfined_u:system_r:amavis_t:s0 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=file
type=SYSCALL msg=audit(1342645818.905:162682): arch=40000003 syscall=143 success=yes exit=0 a0=5 a1=c a2=9632838 a3=1 items=0 ppid=1 pid=5721 auid=0 uid=497 gid=497 euid=497 suid=497 fsuid=497 egid=497 sgid=497 fsgid=497 tty=(none) ses=1231 comm="fsavd" exe="/opt/f-secure/fssp/sbin/fsavd" subj=unconfined_u:system_r:amavis_t:s0 key=(null)

Comment 15 Daniel Walsh 2012-07-19 15:04:29 UTC

First thing to lower the noice would be to add

domain_dontaudit_read_all_domains_state(amavis_t)

Secondly would be to label the content under /var/opt/f-secure as amavis_var_lib_t

# semanage fcontext -a -t amavis_var_lib_t '/var/opt/f-secure(/.*)?'
# restorecon -R -v /var/opt/f-secure

the execmem is a little concerning, is this tool using java?

Comment 16 Miroslav Grepl 2012-07-19 20:55:40 UTC

The rule/context will be in the next RHEL6.4 build.

What does

# rpm -qf /var/opt/f-secure

I think a user will need to run the restorecon but we should have this labeling in the policy.

Comment 17 Miroslav Grepl 2012-07-19 20:56:28 UTC

Probably we also will need rules which we have for clamav

tunable_policy(`clamd_use_jit',`
    allow clamd_t self:process execmem;
    allow clamscan_t self:process execmem;
', `
    dontaudit clamd_t self:process execmem;
    dontaudit clamscan_t self:process execmem;
')

Comment 18 Robert Scheck 2012-07-20 11:17:44 UTC

# rpm -qf /var/opt/f-secure/
f-secure-security-platform-2.50.12134-1.i586
#

Comment 19 Robert Scheck 2012-07-20 11:19:03 UTC

(In reply to comment #15)
> Secondly would be to label the content under /var/opt/f-secure as
> amavis_var_lib_t

No, that would be absolutely wrong. See attached "rpm -qvl".

> the execmem is a little concerning, is this tool using java?

No, but F-Secure might use similar technologies like ClamAV.

Comment 20 Robert Scheck 2012-07-20 11:19:44 UTC

Created attachment 599363 [details]
"rpm -qivl" for F-Secure RPM packages (in standalone setup)

Comment 21 Miroslav Grepl 2012-07-23 04:50:33 UTC

So we should just label 

/var/opt/f-secure/fssp/databases


amavis_var_lib_t? Could you try it?

Comment 22 Robert Scheck 2012-07-23 07:28:55 UTC

No! None of the F-Secure signature databases ever should be labeled as 
amavis_var_lib_t. F-Secure is not Amavisd-New specific, it's a generic
anti-virus software like ClamAV is. ClamAV uses clamd_var_lib_t for the
signature database directory and something equivalent should be used by
F-Secure to. Even none of the directories/files mentioned in my posted
"rpm -qivl" ever should be labeled with any Amavisd-New file context...

Comment 23 Miroslav Grepl 2012-07-23 11:02:13 UTC

It does not mean the directory can not be labeled as we suggest. We can add a new file type for a directory so we try to find the best solution with the current labeling.

Comment 24 Daniel Walsh 2012-07-23 14:52:08 UTC

I think we should probably create a type like antivirus_db_t and start labelling all this content the same, since it is all the same stuff from a security point of view.

Comment 25 Robert Scheck 2012-07-25 19:27:35 UTC

Miroslav, if I "randomly" label /var/opt/f-secure/fssp/databases as
amavis_var_lib_t, it will cause trouble, if I run a fsav scan from a
other service, right? That wouldn't be generic at all...

Comment 26 Miroslav Grepl 2012-07-26 05:38:21 UTC

I like Dan's idea. I would add a new policy

antivirus.te

with this labeling and we could start to merge these antivirus apps together.

Comment 27 Miroslav Grepl 2012-10-09 21:19:20 UTC

I have just implemented a new antivirus policy to Fedora18 and will backport to RHEL6 ASAP.

Comment 30 errata-xmlrpc 2013-02-21 08:25:13 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0314.html

Note You need to log in before you can comment on or make changes to this bug.