
selinux module

Heppi75

Basic Pleskian
Hi,

Each day I get error messages because of the ClamAV scan. It is an SELinux problem. I already have an SELinux module created, but the error is not solved. Could anyone have a look at it? I think the module should allow write and read access to the files for clamscan?

selinux error:
Code:
Additional Information:
Source Context                system_u:system_r:antivirus_t:s0-s0:c0.c1023
Target Context                system_u:object_r:httpd_sys_rw_content_t:s0
Target Objects                sess_604rv54bntl70jig0bjf1lfja4 [ file ]
Source                        clamscan
Source Path                   /usr/bin/clamscan
Port                          <Unknown>
Host                          myserver.com
Source RPM Packages           clamav-0.99.1-1.el7.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-60.el7_2.3.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     myserver.com
Platform                      Linux myserver.com
                              3.10.0-327.18.2.el7.x86_64 #1 SMP Thu May 12
                              11:03:55 UTC 2016 x86_64 x86_64
Alert Count                   94
First Seen                    2016-05-15 03:56:15 CEST
Last Seen                     2016-05-17 03:45:49 CEST
Local ID                      68ee97b8-2226-4481-97be-1eeccbb0e566

Raw Audit Messages
type=AVC msg=audit(1463449549.453:49931): avc:  denied  { read } for  pid=9274 comm="clamscan" name="sess_604rv54bntl70jig0bjf1lfja4" dev="dm-1" ino=67123073 scontext=system_u:system_r:antivirus_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file


type=SYSCALL msg=audit(1463449549.453:49931): arch=x86_64 syscall=open success=no exit=EACCES a0=7f16e0aee540 a1=0 a2=0 a3=fffffffffffffb85 items=0 ppid=9135 pid=9274 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5454 comm=clamscan exe=/usr/bin/clamscan subj=system_u:system_r:antivirus_t:s0-s0:c0.c1023 key=(null)

Hash: clamscan,antivirus_t,httpd_sys_rw_content_t,file,read

selinux module:
Code:
module clamscanlocal 1.0;

require {
    type antivirus_t;
    type httpd_sys_rw_content_t;
    type usr_t;
    class dir search;
    class file { write read getattr append };
}

#============= antivirus_t ==============

#!!!! This avc can be allowed using the boolean 'antivirus_can_scan_system'
allow antivirus_t httpd_sys_rw_content_t:dir search;

#!!!! This avc can be allowed using the boolean 'antivirus_can_scan_system'
allow antivirus_t httpd_sys_rw_content_t:file getattr;
allow antivirus_t usr_t:file { write read append };
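
Added example (not part of the original post): a small Python check that compares the denied AVC record above with the `allow` rules of the posted module and reports which permissions the module leaves uncovered. It assumes plain single-type `allow` rules as in the post (no attributes or macros) and does not consult the base policy or booleans; the function names are hypothetical.

```python
import re

# Inputs copied from the post above: the raw AVC record and the module's allow rules.
AVC = ('type=AVC msg=audit(1463449549.453:49931): avc:  denied  { read } for  pid=9274 '
       'comm="clamscan" name="sess_604rv54bntl70jig0bjf1lfja4" dev="dm-1" ino=67123073 '
       'scontext=system_u:system_r:antivirus_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file')

MODULE = """
#!!!! This avc can be allowed using the boolean 'antivirus_can_scan_system'
allow antivirus_t httpd_sys_rw_content_t:dir search;
allow antivirus_t httpd_sys_rw_content_t:file getattr;
allow antivirus_t usr_t:file { write read append };
"""

# Matches "allow src tgt:class perm;" and "allow src tgt:class { p1 p2 };"
ALLOW_RE = re.compile(
    r'^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;', re.M)


def parse_avc(line):
    """Return (source_type, target_type, tclass, perms) for a denied AVC, else None."""
    denied = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    ctx = dict(re.findall(r'\b(scontext|tcontext|tclass)=(\S+)', line))
    if not denied or len(ctx) != 3:
        return None
    # A context is user:role:type:level; the type is the third field.
    stype = ctx['scontext'].split(':')[2]
    ttype = ctx['tcontext'].split(':')[2]
    return stype, ttype, ctx['tclass'], set(denied.group(1).split())


def parse_allow_rules(te_text):
    """Map (source_type, target_type, tclass) to the set of allowed permissions."""
    rules = {}
    for src, tgt, cls, many, one in ALLOW_RE.findall(te_text):
        rules.setdefault((src, tgt, cls), set()).update((many or one).split())
    return rules


def missing_permissions(avc_line, te_text):
    """Permissions denied in the AVC record that no allow rule in te_text grants."""
    parsed = parse_avc(avc_line)
    if parsed is None:
        raise ValueError("not a denied AVC record")
    src, tgt, cls, perms = parsed
    return perms - parse_allow_rules(te_text).get((src, tgt, cls), set())


if __name__ == "__main__":
    print(sorted(missing_permissions(AVC, MODULE)))
```

On the post's inputs the result is `read`: the module grants `read` only on `usr_t` files, while the denial is for a `httpd_sys_rw_content_t` file, where the module grants just `getattr`.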
 