[clamav-users] Using OnAccess scanning with Selinux
Mickey Sola
msola at sourcefire.com
Thu Feb 14 20:58:43 UTC 2019
Hi all,
I couldn't get this issue to reproduce on my test system, but I've put
together a very quick and dirty patch that *should* allow for clamd to
recover from an unexpected SELinux denial. It's not an ideal fix, but I'm
hoping it'll work as intended and will fit your needs until the policy is
updated. I've attached the patch here. Hoping you guys can test it out,
since I can't get the issue to reproduce reliably on a stock CentOS 7.6
install.
- Mickey
On Thu, Feb 14, 2019 at 10:54 AM Dave Lahn <david.lahn at forward3d.com> wrote:
> Hi,
>
> We are also seeing the same issue. Did anyone make any progress with this?
>
> The odd thing is, we aren't even seeing any denials in the audit log for
> SELinux, and we have the SELinux booleans set for ClamAV.
>
> When we try to do exclusions, we are also seeing things like this:
>
> "Permission denied to stat /proc/1111 to exclude UIDs... perhaps SELinux
> denial?"
>
> --
> *David Lahn*
> DevOps Engineer
> Development
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190214/bffe186e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-onas-adding-recovery-for-SELinux-denial.patch
Type: text/x-patch
Size: 1464 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190214/bffe186e/attachment.bin>
More information about the clamav-users
mailing list